Internet Explorer opens Google Desktop to fraudsters


Internet Explorer opens Google Desktop to fraudsters

Antony Savvas

A new bug in Microsoft’s Internet Explorer browser potentially allows phishers to steal information from users who use the Google Desktop search tool.

As Google Desktop can search, store and pull-up e-mail data and other files that contain banking log-ins and other sensitive data, the bug could be used by remote attackers to harvest such details to carry out fraud.

There is currently no patch for the bug, which has been reported by Israeli internet security expert Matan Gillon. No other browsers are affected by the vulnerability, said Gillon.

The Intert Exlorer bug is related to the way the browser processes web page layout information using the CSS (Cascading Style Sheets) format.

The CSS format is widely used to improve the way websites look and feel, but attackers can take advantage of the way IE processes CSS data to steal information, said Gillon.

To take advantage of the bug, attackers first have to get internet users to visit a malicious website, which can be used to harvest the user’s desktop data.

Users can prevent such attacks by turning off JavaScript in their browsers. JavaScript is used by website developers to make their sites more attractive, but the code is also used by the threat reported by Gillon to gain access to users’ machines.

Microsoft is already dealing with another unpatched IE security problem, which allows remote attackers to take over a user’s machine. Microsoft said it is still studying the latest IE threat.

The company is set to release its latest round of security patches, as part of its monthly patching cycle, on 13 December.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy