Through a phishing or spam related e-mail, users of older versions of Internet Explorer (versions 6 and 7) can be lured to malicious websites, where a shell code and JavaScript can be inserted into the end user's PC to create the missing link in the vulnerability.
German Security firm G Data has warned that attacks on older IE browsers could be similar to that of Operation Aurora, a security "exploit" that was used by Chinese hackers to target the networks of Google, Adobe and other IT companies earlier this year.
This latest threat, aimed at those surfers still using the outdated IE web browsers, has the potential to hijack a user's PC.
Security firms have been warning users of the outdated Microsoft browsers to update their versions since the threat became known in January this year. However, new exploits found in code published online are now likely to give attackers a larger audience to exploit.
Already, the events have become something of a cyber-thriller, with suspected Chinese hackers using state-run universities as cover try to bring down the world's most prosperous search engine. Meanwhile, one studious Israeli security researcher attempts to warn about an impending security exploit by publishing the source code online. The IE exploit is now unleashed in the cyber wilderness thanks to Israeli security 'hacker' Moshe Ben Abu's work publishing the code.
The "Aurora" IE Exploit in Action from The Crew of Praetorian Prefect on Vimeo.
Alternative browsers and recent versions of IE are being promoted as a likely quick fix, before an expected update from Microsoft in a security patch next Tuesday.
According to a story at The Register, the Operation Aurora exploits were known about as early as August last year, months before Google and others were attacked.
G Data cautions that only IE 6 and 7 are affected by the security vulnerability. The German based security firm is encouraging all users of older Microsoft browsers to upgrade to IE 8, which is not identified as being at risk. Alternative browsers such as Firefox and Chrome are starting to look very attractive by virtue of being free from the exploit risk.
In January, the German government warned its citizens to avoid potential attacks by running an alternative browser to Microsoft's Internet Explorer.
If you've been waiting for a reason to try Chrome, Opera or Firefox and you can't wait for Microsoft's patch, now might be the time to make the switch.
