Most Recent Internet Explorer Bug Could Take on ‘Conficker’ Proportions
Recently, the Microsoft Company confirmed the existence of an Internet Explorer bug and is already working on a patch to deal with the problem. They have also recognized how the same bug could take on the proportions of the last Conficker attack.
AVG Technology’s chief research officer, Roger Thompson, stated that it may even be a bigger worm than Conficker and that the damages that it could cause once exploiting PC systems’ firewalls and exposes the system to the whole internet. Unlike Conficker which, when within a network, only then would do its damage.
The worm, Conficker, infected millions upon millions of computer systems in January by doing damage to just as many networks. Apparently, Conficker was exploiting a bug that was previously patched by Microsoft, and Microsoft had to respond to Conficker’s prominent damage on a special schedule, beyond that of its regular update schedule.
The Conficker worm usurped as much at 12 million personal computers (at least at one point in time), amassed the PCs into a colossal botnet which in turn, was used to proliferate malware, disseminate great quantities of spam, and lodge sham antivirus software in other computer systems.
Thompson remarks that the internet offenders are probably taking full advantage of this newest bug, and for the Conficker perpetrators, this weakness is the next biggest thing since Conficker. They have passed time waiting for the next big vulnerability to exploit and will merge the same with intelligent strategies once they discover this next bug.
Thompson expressed concern over the ‘msvidctl.dll’ file or the Microsoft Video Controller ActiveX Library since this same control is accessible by Internet Explorer over the internet. This bug has been exploited since June of 2009, but whose vulnerability was only broadcasted in July when more than a few security companies informed Microsoft of compromised websites, running up to the thousands, which were releasing and allocating exploits.
Because of this, Microsoft has recognized the bug by releasing an advisory. It is developing a patch and has made available an automated tool to render inoperative the setting of ActiveX through the positioning of at least 36 “kill bits” within the registry of Windows.
Roger Thompson says that with millions of people exposed to this vulnerability, the bug can serve as a very effectual exploit. This is a prime hacker tool since it has not yet been patched by Microsoft. In Conficker’s case, the exploited weakness that was being manipulated had been previously patched by Microsoft when it initially emerged. But since there were millions of PCs that had not been updated with the patch, then hackers could still exploit the same bug.
The speed by which the patch will be developed by Microsoft on time is still indistinct. However, Thompson expresses with confidence that Microsoft will come up with a solution. For the meantime, internet hackers have not yet exploited the bug, although the attack code is readily obtainable. For now, it would be wise not to click on any banner ads since these are some of the first mediums by which hackers attack PC and network systems.