Huge security breach makes IE a liability

Internet Explorer users are at risk from a new threat that uses a browser add-on to steal login information for nearly 50 banking sites, including Barclays and HSBC, security experts have warned.

The malicious file, which appears to be spreading via a pop-up ad, appears on the heels of an attack that used compromised servers on major e-commerce websites to infect fully-patched IE browsers. The fact that Microsoft hasn't yet released a patch for the latter bug should lead IT managers to seriously consider switching their users away from IE, at least temporarily, according to some security experts.

The latest threat takes the form of a Browser Helper Object (BHO), a helper file that allows developers to customize IE. In recent months, hackers have used BHOs to install spyware on a user's PC. The add-ons are so closely integrated with IE that they are difficult to detect and remove, and aren't caught by anti-virus programs such as Norton Antivirus, security experts say.

The new BHO threat appeared last Thursday, when an unnamed "major dotcom" forwarded a suspicious file called "img1big.gif" to The SANS Institute. The file contained a "file dropper" Trojan which installed the BHO, a randomly-named .dll file inserted in the C:\WINDOWS\System32\ directory, according to SANS researcher Tom Liston. The file did not install properly on the intended victim's PC because of account restrictions. SANS issued an advisory on the attack Tuesday.

The helper object watches for HTTPS (secure) access to any of several dozen banking and financial sites in several countries, including Citibank, Barclays, HSBC and Deutsche Bank, grabbing any potential login data before it is encrypted. The object then sends the data to the attackers, who researchers said appear to be in South America.

"I believe that this particular type of malware represents a huge threat to the online financial industry," Liston said in his analysis. "As the proliferation of ad and spyware shows, installing executable software on users' machines is far too easy."

Users can avoid the threat by switching their IE security settings to "high", Microsoft said. In addition, the upcoming Windows XP Service Pack 2 will include a tool allowing the detection and removal of helper objects that are currently invisible to the user. The malicious code is apparently spreading via an old vulnerability in the way IE handles CHM (Compiled HTML Help) files, so fully-patched browsers may be less at risk.
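Until such a tool is available, registered helper objects can be listed from the registry. The following PowerShell inventory is an added example, not code from the article, SANS or Microsoft: it walks the standard BHO registration key, resolves each CLSID to the DLL that IE loads, and marks entries for review. The `Get-BhoInventory` name and the review heuristic (DLL missing, or an unsigned DLL sitting directly in the system directory) are assumptions of this example.

```powershell
# Added example: inventory IE Browser Helper Objects and the DLL behind each one.
# Maps each registry view to the system directory its DLL paths resolve to.
$views = @{
    'SOFTWARE'             = "$env:SystemRoot\System32"   # native view
    'SOFTWARE\WOW6432Node' = "$env:SystemRoot\SysWOW64"   # 32-bit view on 64-bit Windows
}

function Get-BhoInventory {
    foreach ($view in $views.Keys) {
        $bhoKey = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

        foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
            $clsid  = $entry.PSChildName
            $inproc = "HKLM:\$view\Classes\CLSID\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 is the DLL loaded in-process.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            if ($dll) {
                # A 32-bit process asking for System32 is redirected to SysWOW64.
                $dll = $dll -replace [regex]::Escape("$env:SystemRoot\System32"), $views[$view]
            }

            $exists = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }
            # Heuristic (assumption of this example): the DLL sits directly in the system directory.
            $inSys  = [bool]($dll -and ((Split-Path -Parent $dll) -ieq $views[$view]))

            [pscustomobject]@{
                CLSID     = $clsid
                Dll       = $dll
                Signature = $sig
                Review    = (-not $exists) -or ($inSys -and $sig -ne 'Valid')
            }
        }
    }
}

# Entries marked for review are listed first.
Get-BhoInventory | Sort-Object Review -Descending | Format-Table -AutoSize
```

Only machine-wide COM registrations under HKLM are resolved here; a `Review` flag is a prompt to inspect the DLL, not a verdict.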

IE may be too much of a risk for companies to continue using, at least until recently exploited vulnerabilities have been patched, according to security experts. In its advisory on the recent Web server-based attack, security organization CERT noted that "it is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites".

Yet switching browsers will not be a simple matter for many IT managers, partly because of user familiarity with the IE interface, and partly for technical reasons. "A decision to switch may reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX," said U.S. CERT. In addition, Web developers argue that a large number of sites are effectively tied to IE because they are tuned to the quirks of the dominant browser rather than to industry standards.

Even if user objections can be dealt with, switching doesn't necessarily solve the problem. CERT notes that switching doesn't remove IE from a Windows system, and other programs may still invoke IE, the WebBrowser ActiveX control or IE's HTML rendering engine.

IE isn't the only browser to allow developers to install powerful helper objects -- competing programs such as Mozilla and Opera have similar functionality, though it hasn't been exploited, researchers said.

Regardless of Microsoft's efforts at releasing timely patches and tightening IE security, the browser will remain a risk because nearly every PC uses it, according to security experts. "The primary reason for concern is the huge market dominance that Internet Explorer enjoys," said Symantec in its most recent Internet Security Threat Report. "Client-side vulnerabilities in Internet Explorer continue to pose potential threats to organizations."

There are few signs that IE's dominance is changing as a result of security worries. Google's Zeitgeist feature, which records how the site is used, noted a decline in IE 6.0 usage earlier this year, but the browser soon regained its upward trend. Alone, IE 6.0 accounted for more than 90 percent of the browsers visiting Google as of the end of May; earlier IE versions add to the figure. Netscape/Mozilla and "other" browsers are also on an upward trend but make up a fraction of the overall market.


Matthew Broersma

Techworld.com