Gaping hole lets hackers into Windows via Internet Explorer

28/06/04 - News and city section
'Gaping hole' lets hackers into Windows
By Sabi Phagura, Metro - This is London

Computer users have been warned to avoid using Internet Explorer until a gaping hole in the browser's security is fixed by Microsoft.

The loophole, created by hackers, lets criminals take control of a PC.

The threat of infection is high because a code to exploit the attack has been placed on many popular websites.

The attack, known as the Scob outbreak, is considered more dangerous than than the recent Sasser and Blaster infections. It could mean the websites of banks and auction houses being targeted by people trying to steal credit card data, experts said.

The attack takes advantage of three separate flaws in Microsoft products.

Software updates to fix two of them became available in April, Microsoft said.

But the third flaw has just been discovered and there is no patch to fix it yet, the American computer giant added.

The infection seems to target at least one recent version of Internet Information Server - Microsoft's software for operating websites.

Subtle changes are made to infected sites so visitors get a piece of code that is designed to retrieve software that records their keystrokes and can send data back to the hacker.

Such bugs - known as Trojan horses - are often used to fish for credit card numbers, bank accounts and passwords.

Internet security expert Alfred Huger said: 'Now that the code is out, other hackers are likely to adapt it to distribute software for spamming and for launching attacks against popular websites.'

American experts warned that any website could be affected by the code.

Microsoft advised computer owners to download the latest security updates.