Prompt's TechBlog
Crooks use BBC News stories to install keyloggers
31 March 2006
Posted by Elissa Fry
People are being warned that spam emails containing BBC News stories are being used to trick them into visiting malicious websites, which cybercrooks are using to install a type of software called a keylogger onto vulnerable PCs. It enables passwords to be stolen, so that crooks can access a web user's financial details.
The keylogger monitors financial activity and then sends what it has picked up back to the attacker. This latest breach of online security works by exploiting the "createTextRange()" vulnerability in IE, according to Websense's alert. The vulnerability has to do with how Internet Explorer handles the "createTextRange()" tag in Web pages.
This flaw can be further exploited to download trojan horses and spyware to PCs. Microsoft has said that it's working on finding a fix for the browser. However, eEye Digital Security and Determina both released unofficial fixes for the IE flaw earlier this week.
The keylogger monitors financial activity and then sends what it has picked up back to the attacker. This latest breach of online security works by exploiting the "createTextRange()" vulnerability in IE, according to Websense's alert. The vulnerability has to do with how Internet Explorer handles the "createTextRange()" tag in Web pages.
This flaw can be further exploited to download trojan horses and spyware to PCs. Microsoft has said that it's working on finding a fix for the browser. However, eEye Digital Security and Determina both released unofficial fixes for the IE flaw earlier this week.
# posted by Elissa Fry at 2:40 PM 
Comments:
Post a Comment
<< Home