By Dave for PCTechBytes.com
Another IE8 Zero Day Exploit
Internet Explorer 8 has yet another zero-day exploit, which has prompted Microsoft to release an impromptu patch this week. Users are urged to apply this patch as soon as possible because the exploit can lead to infection merely by visiting a website that has been exploited.
Note: This exploit only pertains to Internet Explorer 8. To see what version of Internet Explorer you have, open your browser and click the Help link at the top of your browser window.
With a normal virus, some type of user interaction with an infected file is necessary for a computer to become infected, but not in this case. There are two ways a user can get infected with this zero-day exploit: through web-based attacks and through phishing emails.
Phishing emails are sent in an attempt to trick a user into clicking a link and visiting a page that could run code that instantly infects a PC.
In a web-based attack, a hacker could create a website with a webpage that is used to exploit this vulnerability. Alternatively, compromised websites can inadvertently host user-provided content or ads that contain specially crafted content that can use this exploit. In each of these instances, an attacker would have no way to force users to visit an infected website. Instead, the hacker would have to convince a user to visit the website, usually by getting them to click a link in an email that takes them to the attacker’s website. A high-traffic website can also be hacked and used to redirect users to a site that contains the exploit.
In fact, InformationWeek reported that the U.S. Department of Labor website was hacked Tuesday and was used to exploit users running Internet Explorer 8.
This post is excerpted with the permission of PCTechBytes.com