Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.


Internet Explorer zero-day flaw being exploited

09 October 2013, 17:26 Duncan Alfreds

Cape Town - A zero-day vulnerability has been discovered in Microsoft's Internet Explorer that could give hackers access to a computer.

"Researchers have observed attacks using this remote code execution vulnerability to install malware that attempts to disable the user's security products and redirects banking sites to a malicious IP address," security firm Trustwave said.

A zero-day vulnerability is one that is known, but software patches have not yet been built to close the software flaw.

Trustwave discovered that hackers are exploiting the vulnerability in Internet Explorer 8 "in the wild" by using it to install malware on infected machines.

The distribution model is closely linked to visiting compromised websites and the target has mainly been users of online banking platforms, Trustwave said.


So far, it appears that the attacks have been limited to computers that are set to run in Korean and Japanese.

"This Internet Explorer zero-day is currently used only on a small number of websites, and the attack was limited by its programmer to Japanese and Korean users. However, based on past experience, new drive-by exploits are quickly copied to other malicious sites because they can work against large number of users," said Trustwave director of Security Research Ziv Mador.

The company added that the vulnerability extends to Windows XP and 7 platforms, and that the flaw was reported to Microsoft.

It is recommended that users download the latest Microsoft patch issued on Tuesday by enabling Windows Updates.

Internet Explorer's share of users declined to 12.1% from 16.4% from a year ago, far behind market leader Chrome which commands of 53.2% of the browser market, according to w3schools.com.

Mador indicated that user banking information was the target of the attacks.

"The malware in the specific attack we observed is responsible for a number of malicious activities: It attempts to disable any security products that may be running on the victim's computer, redirects banking sites to a malicious IP address, and tries to steal credentials to popular online games."

- Follow Duncan on Twitter

- News24


Read News24’s Comments Policy

Comment on this story
Comments have been closed for this article.

Read more from our Users

Submitted by
Wilson Ochieng
DP Ruto accuses Raila of selling ...

DP Wiliam Ruto has castigated Raila Odinga for seeking western support to fund his 2017 election bid. Read more...

Submitted by
William Korir
Peter Kenneth announces Uhuru 201...

Peter Kenneth has announced that he will support President Uhuru Kenyatta in the 2017 elections. Read more...

Submitted by
Wilon Ochieng
Labour Party to dump both Jubilee...

The Labour Party of Kenya is likely to avoid supportoing both the CORD and Jubilee factions during the 2017 General Elections. Read more...

Submitted by
William Korir
Ukambani MP quits Jubilee, to run...

An Ukambani MP has quit the Jubilee Party, citing voter apathy as his reason behind leaving the ruling coalition. Read more...

Submitted by
Victor Tinto
Government launches probe into Po...

The government has launched an inquiry into the circumstances that could have led to two National Police Service helicopter accidents in August and September this year. Read more...

Submitted by
Wilwon Ochieng
Deputy Governor's ally found with...

The EACC has recovered KES 2 million in fake currency from a close ally of Deputy Governor for Tharaka Nithi Eliud Mati. Read more...