More than 1.5 million computer users around the globe may have been exposed to harmful software or viruses because of a “critical” security flaw in Microsoft Corp.’s Internet Explorer, the most widely used Web browser in the world.

The software giant yesterday took the unusual step of releasing an unscheduled update, or patch, to protect customers using all supported versions of the software.

“This is a severe vulnerability,” said Ben Greenbaum, a senior research manager for Symantec Security Response, which sells anti-virus software.

He added that Symantec’s research showed a “significant” increase in hacker attacks over the past several days that aimed to exploit the flaw – a trend that likely pressured Microsoft to put a rush on its security update.

Unlike other types of viruses, Internet Explorer users don’t need to click or download anything to become infected. Instead, unwitting surfers can put their machines at risk simply by viewing a Web page that has been loaded with malicious software, or malware. That includes sites that have been specially created to host the harmful software, or legitimate sites that have been compromised by hackers.

The malware is then quietly downloaded without the knowledge of users, making it possible for hackers to control the machines remotely and use them to send spam or distribute more malware.

Christopher Budd, a security program manager at Microsoft’s Security Response Center, said during a conference call yesterday hackers are also sending dangerous Web pages to users via email, or using emails to entice people to visit compromised websites.

Microsoft said it found a popular search engine in Taiwan that was compromised as well as an “adult entertainment” site in Hong Kong. “Users who hoped to watch that content became targets of those attacks.”

Microsoft estimated that, as of last Friday, roughly 0.2 per cent of Internet Explorer users had been exposed to harmful malware because of the flaw. Some observers say that translates into about 1.5 million users based on Internet Explorer’s 70 per cent of the browser market, estimated at anywhere from 800 million to 1.5 billion active users.

The high-profile security breach will likely provide critics with more ammunition to go after Microsoft’s industry-dominating software, but Symantec’s Greenbaum said all Internet users are at risk no matter what software they are using.

More at http://www.thestar.com/

Tags: Computer hacking, internet attacks, viruses