Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Cybercriminals use the Eleonore Exploit Kit to hack into IE

Add to del.icio.us     Digg this story Digg this

November 8, 2010

An unpatched security vulnerability in Internet Explorer has been added to a popular cybercrime toolkit, making IE now even more susceptible to an attack than before, and the news are traveling rather fast throughout the blogosphere.

Microsoft isn't due until tomorrow for its next "Patch Tuesday" security update and some observers in the security field say that Microsoft won't have sufficient time between today and tomorrow afternoon to issue the proper security patch for the vulnerability.

This simply means that cybercriminals who use the Eleonore Exploit Tool Kit can take full advantage of the unpatched security hole to more easily plant banking Trojans, viruses and other malware on the computers of unsuspecting Internet Explorer users.

And a patch for the wide open Internet Explorer hole isn't on the menu for tomorrow either. Microsoft previously acknowledged that the unpatched flaw in Internet Explorer had appeared in targeted attacks, but failed to do anything about it.

The Eleonore Exploit Took Kit retails for just a few hundred dollars through cybercrime forums, which means it's available to 'script kiddies' of modest means who can then use it cause trouble, probably through attacks that rely on tricking victims into visiting booby-trapped websites.

The use of the security hole in a general use exploit toolkit raises the bar and ought to prompt Microsoft in considering whether an out-of-band patch might be needed, notes AVG's Roger Thompson.

He adds that computer users everywhere can protect themselves from such potential attacks in the absence of a patch by using the security firm's LinkScanner tool.

The unpatched vulnerability in Internet Explorer affects versions 6, 7 and 8 and revolves around many security holes in Cascading Style Sheets (CSS) in the way they handle tokens.

Malicious code exploiting the security vulnerability can be used to drop Trojans and viruses onto the machines of visiting surfers who visit exploit sites, providing they are running IE 6, 7 or 8 and unless they are using a tool capable of blocking the attack.

Add to del.icio.us     Digg this story Digg this

Source: AVG Anti Virus.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.


You can link to the Internet Security web site as much as you like.


| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer






Get your Linux or Windows dedicated server today.