Saturday March 20, 2010 3:31 PM AEST

PC Authority > News > Criminals target old versions of IE - is it time to finally change your browser?

NEWS

Criminals target old versions of IE - is it time to finally change your browser?

by Daniel Long on Mar 15, 2010

7 Comments

A German security company has warned people using outdated versions of Internet Explorer that they risk attack, thanks to vulnerabilities in the older browser's code

Through a phishing or spam related e-mail, users of older versions of Internet Explorer (versions 6 and 7) can be lured to malicious websites, where a shell code and JavaScript can be inserted into the end user's PC to create the missing link in the vulnerability.

German Security firm G Data has warned that attacks on older IE browsers could be similar to that of Operation Aurora, a security "exploit" that was used by Chinese hackers to target the networks of Google, Adobe and other IT companies earlier this year.

This latest threat, aimed at those surfers still using the outdated IE web browsers, has the potential to hijack a user's PC.

Security firms have been warning users of the outdated Microsoft browsers to update their versions since the threat became known in January this year. However, new exploits found in code published online are now likely to give attackers a larger audience to exploit.

Already, the events have become something of a cyber-thriller, with suspected Chinese hackers using state-run universities as cover try to bring down the world's most prosperous search engine. Meanwhile, one studious Israeli security researcher attempts to warn about an impending security exploit by publishing the source code online. The IE exploit is now unleashed in the cyber wilderness thanks to Israeli security 'hacker' Moshe Ben Abu's work publishing the code.

The "Aurora" IE Exploit in Action from The Crew of Praetorian Prefect on Vimeo.

Alternative browsers and recent versions of IE are being promoted as a likely quick fix, before an expected update from Microsoft in a security patch next Tuesday.

According to a story at The Register, the Operation Aurora exploits were known about as early as August last year, months before Google and others were attacked.

G Data cautions that only IE 6 and 7 are affected by the security vulnerability. The German based security firm is encouraging all users of older Microsoft browsers to upgrade to IE 8, which is not identified as being at risk. Alternative browsers such as Firefox and Chrome are starting to look very attractive by virtue of being free from the exploit risk.

In January, the German government warned its citizens to avoid potential attacks by running an alternative browser to Microsoft's Internet Explorer.

If you've been waiting for a reason to try Chrome, Opera or Firefox and you can't wait for Microsoft's patch, now might be the time to make the switch.

7 comments in this discussion

"petergaskin wrote: The big issue is upgrading your os.You will find it very hard to get antivirus software for your windows 98 or older os. Then it doesnt matter what browser program you are ..."

By Slatts

Top 10 IT Heroes

Top 10 best releases from Microsoft

Top 10 technology tussles

Latest News

Kindle for Mac app launches, Amazon promises Kindle for iPad

Google, Sony and Intel team up for Google TV

Broadcom claims world’s fastest single-chip Ethernet switch

HP settles spat over counterfeit printer ink

APRIL PC AUTHORITY - ON SALE NOW
In our AMD vs Intel CPU megatest we rate 50 of the best on the market - from budget to performance.
15 Internet Security Software packages get a going over in our 'torture test'.
Plus, we look at what works and what fails in MS Office 2010 and tell you how to try it - for free.

Ads by Google

Comments: 7

Thoughts on this article? Add a comment below.

Slatts Mar 17, 2010 8:32 PM	To use an old version of a browser is to compromise the security of your computer and that of everyone else on your network and quite possibly everyone in your address book. It's no big deal to keep your browser of choice up to date. Comment made about the PC Authority article: Criminals target old versions of IE - is it time to finally change your browser?? A German security company has warned people using outdated versions of Internet Explorer that they risk attack, thanks to vulnerabilities in the older browser's code What do you think? Join the discussion.
Slatts Mar 17, 2010 8:43 PM	Some useful links. Firefox Chrome Safari Opera IE8 (if you must..) Now you have no excuse.
krazikiwi Mar 19, 2010 6:36 PM	IE8 is a good browser, Slatts. I don't care what you think of it. It isn't feature rich like firefox, but it has some pretty good backing. I refuse to touch chrome, and I can't stand safari. So I will be forced to use FF on my new Mac, though I will probably use IE8 when I have parrallels running.
.:Cyb3rGlitch:. Mar 19, 2010 8:30 PM	IE8 isn't bad, but it isn't necessarily good either. I prefer Chrome myself. Internet Explorer is yet to implement a HTML 5.0 standards compliant engine, or pass the ACID 3.0 test.
Slatts Mar 19, 2010 8:32 PM	krazikiwi wrote: IE8 is a good browser, Slatts. I don't care what you think of it. It isn't feature rich like firefox, but it has some pretty good backing. I refuse to touch chrome, and I can't stand safari. So I will be forced to use FF on my new Mac, though I will probably use IE8 when I have parrallels running. I was just indulging in a bit of chain pulling krazi. It seems to've born fruit.:p I personally am happy to use Firefox. I've got it set up just how I like it. There are still some sites where IE is a must. For them I have IE8. I don't really dislike it, I just like Firefox better.
petergaskin Mar 19, 2010 8:41 PM	The big issue is upgrading your os.You will find it very hard to get antivirus software for your windows 98 or older os. Then it doesnt matter what browser program you are using! What will happen when antivirus programs stop supporting xp?
Slatts Mar 19, 2010 9:20 PM	petergaskin wrote: The big issue is upgrading your os.You will find it very hard to get antivirus software for your windows 98 or older os. Then it doesnt matter what browser program you are using! What will happen when antivirus programs stop supporting xp? 98 is a good 12 years old peter. I was still using it on an old laptop till the end of last year when it finally and irrevocably karked it. Till then I used an older version of AVG and FF 2.something. I think it'll be a while before XP hits the dustbin of history. By the time it does the vast majority of users will be using Vista, Win 7 or the next OS out of Redmond. Are you suggesting that win 3.11 for work groups should still be supported by the antivirus vendors? I'm not sure where you're going with this. EDIT: Sorry peter, I just re-read you post. It seems you're advocating upgrading you OS. In which case, ignore my first and last paragraph.#-o Edited by Slatts: 19/3/2010 09:26:10 PM