Internet Explorer under attack even if not in use

With the number of non-Internet Explorer (IE) browsers expanding rapidly, a new spyware attack has surfaced that uses Java to infect IE even when the browser isn’t being used at the time.

The result, says a researcher, is that even users of browsers such as Mozilla, Firefox and Avant can find their Windows operating system and Internet Explorer browser infested with malicious code. While limited in its effectiveness, the attack is significant because it represents a shift away from the use of browser-specific technology as an attack vector, said some security experts.

Previous attacks have often used technology such as ActiveX which can only interact with IE; many users have switched away from IE specifically to get away from such technologies.

News of the attack first surfaced on a Web forum and was later investigated by Christopher Boyd of Vitalsecurity.org, a U.K.-based security news site. When users visit an infected site, they are asked to install a Java applet distributed by “Integrated Search Technologies”.

If the user agrees, a .jar file is downloaded, which proceeds to download and install a number of adware applications, according to Boyd. Internet Explorer then automatically opens, displaying advertisements and embedded advertising tools. The attack works regardless of IE’s security settings, Boyd said. The installed adware includes DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind and Avenue Media, he said.

Several factors limit the seriousness of this particular attack. It only works with Sun Microsystems Inc.’s Java Runtime Environment, not that made by Microsoft Corp. The Java dialogue box warns that the applet’s security certificate was issued by a company that is “not trusted”, and that the certificate “has expired or is not yet valid”. However, such warnings will not necessarily keep users from installing the applet, particularly if it appears on an innocuous site, Boyd said. The applet turned up on a site distributing Neil Diamond lyrics.

The installer works on Firefox, Mozilla, Netscape and Avant, but was blocked on NetCaptor and Opera, Boyd said. “Only two out of six had the good sense to steer clear of even asking the user if they wanted to install the applet,” Boyd wrote on Vitalsecurity.org.

Not everyone agrees the attack is any cause for concern. Mike Healan, of antispyware site SpywareInfo, said Java attacks are nothing to worry about because applets always generate a warning before installing code that runs outside the Runtime Environment’s “sandbox”, its security-protected area. “Personally, I don’t see this installer as a problem. It can’t do anything unless the user ignores a very stern security warning,” he said in a comment on the site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now