Microsoft has warned that remote attackers are taking
advantage of an unpatched flaw in its Internet Explorer browser to
contaminate PCs with a Trojan horse virus.
The company says malicious software that exploits the security
flaw is now circulating on the internet. It has advised users to
visit the Microsoft website and use its recently launched on-line
security scanning tool to decontaminate their systems.
The scanning tool is equipped to detect and remove the recently
discovered TrojanDownloader:Win32/Delf.DH virus, said
Microsoft.
The bug was originally discovered by industry security experts
this spring, and it was originally thought that it could only be
used to crash Internet Explorer.
Microsoft has now warned that it can be used to take over users’
machines, alowing remote attackers to execute arbitrary code.
The Trojan horse is downloaded onto users’ machines when they
visit malicious websites. As no further user interaction is
required to install the bug once they are on the site, the threat
is “critical” according to Microsoft’s own classifications.
Internet security company Secunia has classed the threat as
“extremely critical”.
Microsoft currently has no patch for the threat, but says it is
working on one. The company plans to release its next batch of
monthly security updates on 13 December.