16 Aug 2005
Exploit code has been found in the wild that targets a Microsoft vulnerability that the software giant patched just last week, security experts warned today.
Web monitoring firm Websense reported that a Swedish-hosted website has been engineered with malware built in that exploits a flaw in unpatched versions of Internet Explorer. The flaw allows hackers to gain complete control of PCs visiting the infected site.
"At this time, malicious websites have been observed to exploit this vulnerability by downloading and running code on the end user's machine," said the company in a statement.
"We expect to see additional exploits of MS05-038 in the near future, as it is very new and allows privileged access to the machine."
The website containing the code purports to be advertising pharmaceutical products and its URL has been spammed out to millions of inboxes. Owing to a small flaw in the malware, visitors to the site will also suffer a browser crash.
This is the second Microsoft patch to be cracked in less than a week. Exploit code for another patch appeared on Friday and by Monday had been used in a worm that is hitting Windows 2000 systems particularly hard.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
A leading US Prop Trading House/Market Maker is currently...
A leading financial services group has an urgent requirement...
UI Developer Wanted - CSS, HTML, JavaScript with .NET...
Java Developer - Gloucestershire - £35-40k per annum...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
another step up the hill
improved again?
Posted by: _CyB0rG 17 Aug 2005