Microsoft warns of an attack by hackers that target Internet explorers (IE), of all current browser versions with an exception of IE9. It is more on Internet explorer (IE) 6, and IE 7. Machines (Windows) with vulnerable Internet explorer versions are hijacked by the hackers, by attempting the users to view malicious sites. These sites are usually hosted in legitimate sites. IE8 is vulnerable too but because it switches on Data Expansion Prevention (DEP) by default, it is immune to attacks. DEP and ASLR (Address Space Layout Randomization) are defence measures from windows, used to block attacks.
Symantec researcher, Vikram Thakur, said, in order to attack emails, the perpetrators add links to pages on legitimate sites. They gain access to these sites without the owners” knowledge, and upload their contents. If a user visits the hacked site using IE6 or IE7, they get the malware. This is done by creating a “door” on the computer, through which the malware downloads additional files with multiple commands. IE6 does not support DEP, while IE7 does not enable it by default (Keizer, 2010).
Microsoft however says, the owners of the sites containing the malware were informed, and the servers were taken offline. They however urged users to upgrade to IE9, in order to protect themselves. Another protection strategy is by applying a “Customs Cascading style Sheet, (CSS) that formats documents which are loaded into IE. Users can also deploy and configure an Enhanced Mitigation Experience toolkit, (EMET). This is a utility that is available and can be downloaded from Microsoft site, freely. EMET keeps older applications safe before companies upgrade their versions to new safer ones.
This notice by Microsoft is important for all Personal computer users, as well as organisations. Computer hackers cause great harm and danger to computers not mentioning the great loss it brings. Once a computer is vulnerable to viruses and gets them, it is able to spread the virus to other computers within a short time, causing more harm. Organisations spend a lot of money upgrading their software’s as often as possible, but if these programs are not protected from the virus and attackers, it is no use to upgrade. These upgrades results in a lot of cash out in organisations, and should therefore be protected with caution. Viruses brought into computers by these hackers can as well “swallow” documents stored in the computer. The harm by this is enormous as important documents can be lost, with no trace. Loosing information can be detrimental to an organisation (Gupta, 2004).
Microsoft has however enlightened people as well as organisations on how to protect themselves, as well as informing them to be cautious of the current IE6 and IE7. By offering protection measures like the Customs Cascading Style Sheet, Enhanced Mitigation Experience and IE9, Microsoft shows that they care about their customers. EMET is free and available online. This article also serves to educate people about the avail be internet explorers, their differences, and how to protect them. It also gives information of how attackers attack machines through emails (Syngress Media Inc., 2000).
The amount of damage a hacker can cause is unlimited to users. These may include, stealing your money, gaining access to your accounts as they can get your user names and password, hackers can also steal, and sell information about you or your organisation, which can be used against you for illegal purposes, they can gain access to use your credit card, misuse it, and get cash advances using your names and passwords. Despite the few protection strategies by Microsoft, computer users can also use antivirus to protect their computers, employ the use of a two way fire wall, they are also advised to update their operating systems frequently as well as increase their browser settings.
Gupta, S. (2004). Hacking in the computer world. Jakarta: Mittal Publications.
Keizer, G. (2010). Microsoft confirms hackers targeting IE6, IE7 also at risk. Retrieved from
Syngress Media Inc., (2000). “Email virus protection Handbook. New York: Syngress.