Norton would like to warn computer users 0f major Internet Explorer vulnerability with Microsoft’s recent announcement of a zero-day vulnerability that affects Internet Explorer 6, 7 and 8.
What is a zero-day vulnerability? It means there’s a hole in Internet Explorer that a cybercriminal can take advantage of by creating a malicious threat that targets anyone who is using the vulnerable browser and is not protected. They’ll use tricks like spam, phishing, or fake websites that show up on search results to lure people to an infected site.
This vulnerability is linked to the attacks against Google, which were publicized last week. Part of the discussion has revolved around Trojan.Hydraq, which is being used to exploit the Internet Explorer zero day vulnerability. Based upon the functionality of the trojan, we can safely surmise that the intent of the trojan is to open a back door on a compromised computer allowing a remote attacker to monitor activity and steal information from not only the compromised computer, but the larger infrastructure to which the computer is connected. It is primarily a threat that affects corporations but, regardless, Norton customers have protection against the threat.
However, it’s likely cybercriminals could create an exploit in the near future that targets regular computer users. In fact, it takes just an average seven days for a vulnerability to be exploited. What could happen once you’re infected by a threat that exploits this vulnerability? That all depends on what the cybercriminal has instructed the malicious threat to do – it could be anything from stealing personal information on your computer to taking over your computer so it becomes part of a bot network.
So, what should computer users do to protect themselves now so they don’t become victims later?
1. Stay on top of security patches. Vulnerabilities happen all the time, regardless of the operating system or software maker. In the case of Microsoft Internet Explorer, according to Symantec’s Internet Security Threat Report, in 2008 alone, there were 47 new vulnerabilities identified in the browser. Make sure the operating system and software/applications are updated with the latest patches. While Microsoft hasn’t released a patch for this vulnerability yet, it’s likely they will in the future. Depending on the operating system, critical patches are usually pushed out to the computer automatically or users will get a notice on your computer that updates are available. The messages should not be ignored. Updates should be downloaded as soon as possible.
2. Not all security software are made equal. Antivirus alone will not protect against a zero day vulnerability because antivirus software needs to know about a threat first so that a signature can be created to detect the threat. With zero day vulnerabilities, being in that situation means too little, too late. Computer users need a complete security solution with an intrusion prevention system, like Norton Internet Security or Norton 360, which can detect new exploits that target vulnerabilities without signatures.
3. Get educated about how to stay safe online. Computer users can learn more about how to protect themselves by visiting Norton’s Every Click Matters site.
For a more comprehensive description of Trojan.Hydraq’s abilities and some helpful images related to the Trojan, please visit this posting on Symantec’s Security Response blog
April 7th, 2010 at 9:43 pm
David Freer (VP, Symantec Consumer Business Units, APJ) is a big liar. He lied to me for more than two and half years and kept saying I am the only one in his life. Even this year on Feb. 2, he used company line to lead me to have phone sex with him. Until I found out there’s some other woman, he made up another lie and finally admitted he’s been living with her for a year. Later, I realised they were all lies. He actually has married March 2009. And now he just totally disappearred and not answering any phone calls, acting like “hit & run” irresponsible baby. Can you trust someone like this, with no ethics and integrity?
April 20th, 2010 at 1:36 am
David Freer (VP, Symantec Consumer Business Units - Norton, APJ) is a BIG LIAR! He lied to me for more than two and half years for my true feelings, time, and money. Also kept saying I am the only one in his life. Even this year on Feb. 2, he used company line to lead me to have phone sex with him. Until I found out there’s some other woman, he made up another lie and finally admitted he’s been living with her for a year. Later, I realized they were all lies. He actually has married March 2009. And now he just totally disappeared and not answering any phone calls, acting like “hit & run” irresponsible baby. Can you trust someone like this, with no ethics and integrity? The more unbelievable things is David Freer newly-wed wife - SUZY WALSHAM, she shamefully admitted she was the third person who broke up David Freer & his ex 12 years relationships, and mocking at me as the 3rd “unsuspected” person, as she agreed with his husband’s behaviors!!!!!! SHAME ON both of you, DAVID FREER & SUZY WALSHAM!!!!!!! (THEY BOTH WORK FOR SYMANTEC)