When these guys get involved, it is safe to say that
something big is going down. The United States Department of Homeland Security
issued an alert on Monday concerning the Internet Explorer bug linked to
countless computer hackings. The United States Computer Emergency Readiness
Team (US-CERT), a division of the Deparment of Homeland Security, in essence
told all users of the popular Internet Explorer browsing software to “stay
away” from the program until Microsoft can develop a security update for the
virus-prone software.
The US-CERT team said in the advisory that computers running
Internet Explorer versions six through 11 are susceptible to complete
compromise if users attempt to run the program. Also, the team warned that any
Microsoft XP users will not have any security update available as Microsoft
stopped offering technical support for XP operating systems at the beginning of
the year. Internet security agencies estimate that anywhere from 15 to 25
percent of the world’s computers still run on the antiquated, 13-year-old
operating system. The United States’ government advises computer users to turn
to internet browsing alternatives such as Google’s Chrome and Mozilla’s Firefox
while Microsoft works toward a solution
to the Internet Explorer bug. For XP users, the feds say that this change
should be a permanent one.
NetMarketShare, a global research firm, estimates that
around 55 percent of all internet browsing done around the world is performed with one of the infected versions
of Internet Explorer, from version six all the way up to the most current
version, 11. This estimate puts hundreds of millions of computers at risk of
being compromised.
Microsoft says that the Internet Explorer bug allows hackers
to view, change or delete computer data while giving them the ability to take
complete control of an operating system. While in control the hackers can
install spyware and malicious programs as well as create accounts that can give
the hacker full access to a bevy of personal information and property.
So far US-CERT claims that the overwhelming majority of
hacking activity related to the Internet Explorer bug has been at the expense
of firms based in the United States that are linked to the financial and
military defense sectors. FireEye Inc., the sofware security company that first
spotted the Internet Explorer bug, said that the bug has already been exploited
by some elite level hackers under a campaign named ‘Operation Clandestine Fox.’
FireEye did not disclose any specific suspects or victims of the campaign, but
said that the hackers are extremely difficult to track and also very good at
lateral movement. Both US-CERT and FireEye are not sure what the possible
motive of Operation Clandestine Fox is, though judging by recent attacks it
appears that hackers are currently trying to gather financial and military
intelligence to mount further attacks down the road.
US-CERT and various internet security firms are concerned
that copycat hackers will run amok until Microsoft can quickly develop a
security update for Internet Explorer. Aviv Raff, chief technology officer for
internet security firm Seculert, says that hackers are already scrambling to
learn as much about the Internet Explorer bug as possible to take full
advantage before Microsoft develops an adequate defense. Raff says that
Microsoft has to work quickly to prevent a snowball effect from happening very
soon.
0 comments:
Post a Comment