Fake BBC e-mails seek to exploit IE flaw

By Bill Brenner, Senior News Writer
31 Mar 2006 | SearchSecurity.com

Security Wire Daily News

If you receive e-mails with snippets of news from the BBC, beware. They're not what they seem.

Attackers are spamming out these messages and hoping readers will click on a link to "read more." Those who do will be sent to a Web site that exploits the createTextRange flaw in Internet Explorer, dropping keyloggers onto victims' machines that can be used to steal bank account information.

That warning comes from San Diego-based Websense Inc., which offered details on its Web site, including a screen shot of an infected Web page.

"These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'read more,'" Websense said. "Users who follow this link are taken to a Web site that is a spoofed copy of the BBC news story from the e-mail."

The Web site then attempts to exploit the unpatched vulnerability by installing a keylogger on a victim's machine. "This keylogger monitors activity on various financial Web sites and uploads captured information back to the attacker," Websense said.

To date, more than 200 Web sites have reportedly been uncovered that exploit the createTextRange flaw, but the spoofed BBC site appears to be the first example of a specific e-mail campaign purporting to be from a legitimate source that tries to trick recipients into visiting an illegitimate site.

Concern over the security hole and a fear of this type of exploit prompted Aliso Viejo, Calif.-based eEye Digital Security Inc. and Redwood City, Calif.-based vulnerability protection firm Determina Inc. to release their own fixes.

Microsoft has been developing a patch and plans to have it ready April 11, or perhaps sooner if warranted. However, in a Tuesday post to the Microsoft Security Response Center blog, Security Program Manager Mike Reavey said the software giant had not seen an increased spread of attacks and has been working with law enforcement to deactivate malicious Web sites.

"But attacks are still occurring," Reavey said, "so we certainly still recommend up-to-date AV software and our safe browsing guidance while we work on the update, and have updated the security advisory with a list of VIA partners that are currently providing protection."

Tags: Web Browser Security
