Bogus BBC emails link to malicious site


Cyber-thieves use Internet Explorer flaw to install key-loggers

The BBC has warned surfers to beware of spam emails that direct users to a fake BBC website containing malicious code.

The emails apparently entice users with excerpts from genuine BBC stories and contain a link to read more.

But the link takes unwary users to a malicious website that exploits a recently discovered flaw in Internet Explorer to install software that monitors financial activity and logs keystrokes.

"This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a key-logger," said security firm WebSense.

"This key-logger monitors activity on various financial websites and uploads captured information back to the attacker."

The BBC confirmed that this is not the first time that its brand has been used by hackers to lure people to malicious websites, and claimed that the technique is common practice.

Microsoft is expected to deliver patches for the vulnerabilities in its next security update due on 11 April.

However, two security firms, eEye and Determina, have produced patches that close this loophole in the interim.