IT News from
Enterprise Product Reviews from
Enterprise Software News from
IT Security News from
Enterprise Storage News From
VoIP News from
IT Management Insights from
Business News from
SEARCH

January 29, 2004 (9:54 AM EST)

Security Firm Warns Of New Download Flaw In IE

Security Firm Warns Of New Download Flaw In IE

By

A security firm has issued a warning about another flaw in Microsoft's Internet Explorer browser, the company said Wednesday.

The Danish security company Secunia posted a 'moderately critical' alert detailing the vulnerability, which could allow hackers to fool users into downloading malicious files. The problem affects Internet Explorer 6, said Secunia in its alert, but earlier editions may also be at risk.

By embedding a CLSID (CLasS ID, the identifier of COM objects in Microsoft's COM architecture) in the file name, attackers could disguise a malicious file as something users normally trust. After enticing users to their Web sites -- often done by inserting a link in an e-mail message -- attackers could, for instance, get recipients to download what appears to be a Word document, but which in fact is a Trojan horse, key logger, or even a worm, such as the still-spreading Mydoom.

Secunia recommended that users do not use the open file option when downloading a file from suspicious Web sites, but instead save the file to disk to see the true file type before running.

The new spoofing tactic would be especially effective if combined with an earlier IE vulnerability that lets hackers disguise the identity of a Web site by showing a bogus URL in the browser's address bar. Secunia disclosed that IE flaw last month, and although Microsoft has posted a notice with tips on how to avoid such spoofing, it has not yet released a patch.

Among those tips, Microsoft recommends that users not click on hyperlinks, but instead type URLs directly into IE's address bar.


   Try TechWeb's RSS Feed!
(Note: The feed delivers stories from TechWeb.com only, not the entire TechWeb Network.)

Sun Blade 6000: Multi-core processors by Sun, AMD, and Intel, in one chassis.

Free analysis to plan and design deployment of Vista in your enterprise

How to secure handhelds: Protect corporate data in wireless email

Edmunds.com deploys new IT environment powered by Dell PowerEdge servers

Advice & How-to's for Small to Midsize Companies

Related White Papers

CAREER CENTER
Ready to take that job and shove it?
SEARCH
Function:

Keyword(s):

State:
SPONSOR

RECENT JOB POSTINGS
CAREER NEWS
If you're thinking about establishing yourself in Second Life -- or are wondering whether you should -- we've got five rules that will help your new venture be a success.

The global defense and tech company is seeking tech professionals skilled in Web site development, general software development, database administration, digital manufacturing, SAP/ABAP, complex CAD/CAM and PLM activities.

Advertisement






Specialty Resources

Featured Microsite


Microsites

Featured Topic

Additional Topics

Crush The Competition

TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.

Techencyclopedia

Get definitions for more than 20,000 IT terms.