​Internet Explorer Race To Fix Bug Amid Exploit

Author: Jennifer HongBy:
Staff Reporter
Aug. 8, 2014

Internet Explorer has a serious bug that can allow hackers to take over a computer, and some security experts say to ditch the Microsoft web browser. The bug has been exploited by hackers to create a new type of attack.

How it works is quite simple. Hackers set up a website that installs malware when you visit it. If you’re duped into visiting the website while using the Internet Explorer program, malware seeps into your computer and gives a stranger total control. You might not even notice.

“I’d say someone taking control of your computer is just the beginning of the worst case scenario,” said Adrian Sanabria, a security expert with 451research.com. “Because then they steal your info, get access to your email, etc.”

That’s where the real danger lies. Anyone in control of your computer can spy on everything you do. If it’s a PC at work, hackers can reach into anything an employee has access to.

It’s worse for those using Windows XP, because Microsoft no longer supports that operating system with security patches. To them, Microsoft says: Go upgrade to Windows 7 or 8.1.

The U.S. Department of Homeland Security recommends that people ditch Internet Explorer until there’s a patch — or install special software in the meantime instead.

But this bug is more omnipresent than it seems. Lots of machines use Windows — bank ATMs, point of sale systems, restaurant seating tools — and Internet Explorer is their default browser. If hackers manage to send them to a bad website, that machine is now under their control. It won’t be easy, but it’s possible.

“You don’t think of them as Windows PCs running software,” said Paco Hope, a consultant with software security firm Cigital. He advises that businesses talk to equipment vendors to determine how vulnerable they are.

Because this attack relies on a few of Internet Explorer’s extra features, there’s a relatively easy fix: Just disable them. FireEye advises disabling the Adobe Flash plugin. While Microsoft works on patching the bug, its engineers suggest running your browser in “Enhanced Protect Mode.” But computer experts say that will likely ruin your online experience.

That’s why the easiest solution is to just ditch Internet Explorer and use another browser, said Marius Buterchi with antivirus software maker Bitdefender. This attack doesn’t affect other Web browsers like Google Chrome, Mozilla FireFox or Apple Safari.

This type of attack is particularly nasty, because it affects every version of the Web browser from IE6 through IE11.

Share this article