A FLAW has emerged in Microsoft’s Internet Explorer web browser software which allows hackers to steal information from people’s PCs if they visit certain websites.
Computer security experts only became aware of the issue when websites cropped up that were exploiting the flaw to steal user accounts for online gaming, which can then be sold on. Security problems such as this, which are discovered by hackers before the makers of the software, are known as “zero day exploits”.
Chinese websites were initially compromised but last night Brian Honan of the Irish Reporting and Information Security Service, said that about 10,000 sites had been infected worldwide.
Microsoft yesterday issued a statement advising its customers to “follow simple safety guidelines”, including ensuring their software is fully updated and that they have current security software installed and switched on. It advised consumers worried about how to protect their PC to read the advice at www.microsoft.com/protect.
Last night Microsoft announced it would release an update today which it is believed will address the problem.
Microsoft’s investigation has shown the attacks are targeting customers using Internet Explorer 7, but it said the vulnerability affects all versions of Internet Explorer.
Some security experts advised people to switch to a different web browser, such as Mozilla Firefox or Apple’s Safari, until a solution for the problem was developed by Microsoft. Irish security experts suggested this was not an option for most internet users.
“If people were to change their browser every time a vulnerability was discovered they would be constantly changing,” said Colm McDonnell, a security expert with Deloitte. He advised people to change their Internet Explorer security settings to High until they install the patch which is being issued.