OK, how many times must Internet Explorer be ripped open like a hot 16-year-old in a summer slasher movie before people finally get it: IE is not safe. Period. End of Statement.
I dont care if you only run it around the Web on Sundays and to the nicest sites. If you run IE, youre just asking to me slammed by worms, bots, adware, and every other kind of malware on the planet. No, it doesnt matter that youre using XP SP2 and youve downloaded all the patches. The only version that appears to be immune is IE7 beta-2.
Take the IE code execution hole discovered by Secunia Research a few days ago. Microsoft admits that its there. Thats big of them. Malicious hackers have already been using the hole via hijacked Web servers over the weekend to launch attacks.
While Microsoft insists that, “So far were still seeing only limited attacks,” eWEEK, one of Linux-Watchs sister publications, has seen a list of more than 20 unique domains and 100 unique URLs hosting exploits using the hole.
These, in turn, are infecting systems with SDbot, a virulent family of backdoor programs that give hackers complete ownership of your computers.
With SDbot, attackers can control your computer by sending commands via IRC (Internet Relay Chat) channels. In the past, its been used to seed botnets and plant keystroke loggers for identity theft attacks.
Of course, there may be many other backdoor programs being planted by crackers. The hole can be used for many purposes. Its just that SDbot infections are the only ones we know about so far.
eWEEK.com Senior Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late 80s and thinks he may just have learned something about them along the way. He can be reached at sjvn@ziffdavis.com.