Huge security breach makes IE a liability

Internet Explorer users are at risk from a new threat that uses a browser add-on to steal login information for nearly 50 banking sites, including Barclays and HSBC, security experts have warned.

The malicious file, which appears to be spreading via a pop-up ad, appears on the heels of an attack that used compromised servers on major e-commerce websites to infect fully-patched IE browsers. The fact that Microsoft hasn't yet released a patch for the latter bug should lead IT managers to seriously consider switching their users away from IE, at least temporarily, according to some security experts.

The latest threat takes the form of a Browser Helper Object (BHO), a helper file that allows developers to customize IE. In recent months, hackers have used BHOs to install spyware on a user's PC. The add-ons are so closely integrated with IE that they are difficult to detect and remove, and aren't caught by anti-virus programs such as Norton Antivirus, security experts say.

The new BHO threat appeared last Thursday, when an unnamed "major dotcom" forwarded a suspicious file called "img1big.gif" to The SANS Institute. The file contained a "file dropper" Trojan which installed the BHO, a randomly-named .dll file inserted in the C:\WINDOWS\System32\ directory, according to SANS researcher Tom Liston. The file did not install properly on the intended victim's PC because of account restrictions. SANS issued an advisory on the attack Tuesday.

The helper object watches for HTTPS (secure) access to any of several dozen banking and financial sites in several countries, including Citibank, Barclays, HSBC and Deutsche Bank, grabbing any potential login data before it is encrypted. The object then sends the data to the attackers, who researchers said appear to be in South America.

"I believe that this particular type of malware represents a huge threat to the online financial industry," Liston said in his analysis. "As the proliferation of ad and spyware shows, installing executable software on users' machines is far too easy."

Users can avoid the threat by switching their IE security settings to "high", Microsoft said. In addition, the upcoming Windows XP Service Pack 2 will include a tool allowing the detection and removal of helper objects that are currently invisible to the user. The malicious code is apparently spreading via an old vulnerability in the way IE handles CHM (Compiled HTML Help) files, so fully-patched browsers may be less at risk.
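Helper objects are registered in the Windows registry, so they can be listed even when IE gives the user no view of them. The PowerShell below is an added example, not part of the original article or of the SANS advisory: it enumerates registered BHOs, resolves each to the DLL it loads, and marks unsigned DLLs without vendor metadata for review. The registry locations are the standard Windows ones and are not named in the article; the "Review" rule is an assumption of this example, not a signature for the Trojan described above.

```powershell
# Added example: list registered Browser Helper Objects and the DLL behind each.
# Covers the native registry view and the 32-bit (WOW6432Node) view on 64-bit Windows.
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        # Each subkey name is the CLSID of one registered helper object
        $clsid  = $key.PSChildName
        $inproc = Join-Path $view.Cls "$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL that IE loads in-process
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        $file = $null
        $sig  = $null
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $file = Get-Item -LiteralPath $dll
            $sig  = Get-AuthenticodeSignature -FilePath $dll
        }
        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Company   = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            Created   = if ($file) { $file.CreationTimeUtc } else { $null }
            Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
            # Heuristic (assumption of this example): DLL missing, or unsigned
            # with no vendor metadata, is worth a manual look
            Review    = (-not $sig) -or
                        ($sig.Status -ne 'Valid' -and -not $file.VersionInfo.CompanyName)
        }
    }
}

# Entries flagged for review sort to the top
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

A flagged entry is a prompt for manual inspection only; legitimate add-ons that register a bare DLL name or ship unsigned will also appear.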

IE may be too much of a risk for companies to continue using, at least until recently exploited vulnerabilities have been patched, according to security experts. In its advisory on the recent Web server-based attack, security organization CERT noted that "it is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites".

Yet switching browsers will not be a simple matter for many IT managers, partly because of user familiarity with the IE interface, and partly for technical reasons. "A decision to switch may reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX," said U.S. CERT. In addition, Web developers argue that a large number of sites are effectively tied to IE because they are tuned to the quirks of the dominant browser rather than to industry standards.

Even if user objections can be dealt with, switching doesn't necessarily solve the problem. CERT notes that switching doesn't remove IE from a Windows system, and other programs may still invoke IE, the WebBrowser ActiveX control or IE's HTML rendering engine.

IE isn't the only browser to allow developers to install powerful helper objects -- competing programs such as Mozilla and Opera have similar functionality, though it hasn't been exploited, researchers said.

Regardless of Microsoft's efforts at releasing timely patches and tightening IE security, the browser will remain a risk because nearly every PC uses it, according to security experts. "The primary reason for concern is the huge market dominance that Internet Explorer enjoys," said Symantec in its most recent Internet Security Threat Report. "Client-side vulnerabilities in Internet Explorer continue to pose potential threats to organizations."

There are few signs that IE's dominance is changing as a result of security worries. Google's Zeitgeist feature, which records how the site is used, noted a decline in IE 6.0 usage earlier this year, but the browser soon regained its upward trend. Alone, IE 6.0 accounted for more than 90 percent of the browsers visiting Google as of the end of May; earlier IE versions add to the figure. Netscape/Mozilla and "other" browsers are also on an upward trend but make up a fraction of the overall market.

Matthew Broersma