what is the word
Subscribe About Mail us
SciTech News - Hackers use BBC News website to exploit critical IE flaw

Hackers use BBC News website to exploit critical IE flaw
The UK website of broadcasting giant BBC, www.bbc.co.uk, is being used by malicious hackers to gain advantage of an unpatched, critical vulnerability in Microsoft's Internet Explorer. The site is being used as a foundation for a new phishing campaign by hackers designed to steal sensitive information from the users' computers. The UK website of broadcasting giant BBC, www.bbc.co.uk, is being used by malicious hackers to gain advantage of an unpatched, critical vulnerability in Microsoft's Internet Explorer. The site is being used as a foundation for a new phishing campaign by hackers designed to steal sensitive information from the users' computers.

The hackers usually send an email abstract of a BBC news story. When the user clicks on the Read More button, he/she is directed to a site ha is identical to BBC's own website. This fake site then downloads software onto the users' computer, which monitors the online banking habits of the user and sends the same to the hacker.

US-based security firm Websense Security Labs has issued an alert on its website about this new attack, "These email messages contain excerpts from actual BBC news stories and offer a link to 'Read More'. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker," the firm warned in a posting on its site.

This news has caused concern at BBC, "We have had people creating spoof pages of our site before, but using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern," observed Steve Herrmann, editor of the BBC News website.

The Internet Explorer flaw, which is causing this attack, concerns with the way the browser handles TextRange data. The flaw was discovered last month and Microsoft is working on patch, which is due to be released in its monthly bulletin on April 11. Until then Redmond has asked users to disable "active scripting" on the IE or use the second beta of its new IE 7.0 version.

It is reported that many websites have fallen into the hands of hackers as a result of this flaw. Meanwhile, third parties like eEye Digital Security and Determina have released temporary patches for this flaw, but Microsoft has cautioned against using this. If users cannot understand how to disable the Active Scripting feature, they are better off using alternate browsers like Mozilla's Firefox, Opera or Safari.
Written by : Jun Shen | Published on : 14:24:00 EST Tue, 04 Apr 2006
Of interest »
» Open Source is the future as Firefox storms ahead
» Microsoft could issue emergency patch for Trojan exploit
» BBC - homepage
» Opera Browser
» Firefox
» Internet Explorer 7 (IE7)
» Websense Security Labs - Home

New News »





Something to say?

Title
Your Name

Your Email


Enter this code Below

  


© 2006 What is the word | All Rights Reserved
RSS Channels » Money | Showbiz | SciTech | Lifestyle | Travel | USWorld