New Adware Scheme Takes Advantage of IE Vulnerabilities

A malicious adware creator is taking advantage of two vulnerabilities in Microsoft Internet Explorer (IE) to surreptitiously install adware products and pop-up ad generators on users' computers as they browse the Web. The flaws, which let attackers run code on victims' machines and let malicious code bypass IE's security zones, were only recently discovered. 
"We consider that any use of an exploit to run a program is a criminal use," Microsoft Security Program Manager Stephen Toulouse said. "We are going to work aggressively with law enforcement to prosecute individuals or companies that do so." Toulouse said that the company is now working with the Federal Bureau of Investigation (FBI) to track down the culprits and that Microsoft will likely issue an IE patch to fix the problem soon instead of waiting for next month's regularly scheduled batch of security fixes.
Although reports vary, the malicious code apparently installs an ILookup search toolbar that changes IE's home page and connects to adware-related sites, generating pop-up windows and, occasionally, even desktop shortcuts. The effects are similar but not identical to the behavior I saw during a recent Trojan attack, which I've documented in three parts in Windows & .NET Magazine UPDATE (see the links below). In my case, my machine was infected after I inadvertently turned off Windows Firewall in Windows XP Service Pack 2 (SP2) and used Google to search for video game hints. One of the pages that came up in the Google search results loaded the offending code.

Still Waiting for a Truly Secure System

Details About the Trojan Attack 

My Trojan War Becomes a Quagmire

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.