12 November 2004
A new computer worm emerged on Tuesday which broke the speed record from the announcement of a security vulnerability in Microsoft's Internet Explorer to a full-blown virus that spreads in the wild.
The vulnerability was discovered and made public by two hackers with aliases "ned" and "SkyLined" on Friday, and only four days later a worm exploiting the weakness was developed and set loose, several virus-trackers reported.
Microsoft said the worm is a variant of MyDoom and that it was investigating the threat the worm poses. Some anti-virus companies said the new worm was different from MyDoom because it spreads via weblinks and not e-mail attachments.
"People will receive an e-mail saying that their PayPal account has been credited or that they are invited to watch a webcam. When they click on the link, just by viewing a site it executes code and infects the computer," said technical consultant Graham Cluley at Sophos Anti-Virus.
Microsoft was expected to issue its monthly batch of security patches later on Tuesday, but the company could not immediately say if a patch for the new worm would be part of it. However, the U.S. software giant said that consumers who had installed Service Pack 2 for Windows XP were at a reduced risk.
The weakness in Internet Explorer is known as the IFRAME buffer overflow vulnerability.
News source: Reuters
Comments: Post a Comment