Bug in Internet-Explorer opens backdoor for malware

An Ad Translation Contract. A Standards-based Model Solution Uwe Muegge

Integrate business news on your website free of charge and offer your visitors up-to-date content! Click here for more information.

According to heise-Security, a German IT publisher, the first exploit for the DHTML bug in Internet-Explorer is already circulating. This exploit installs a code on the computer when the user visits a website, that allows access to a Windows command line prompt. If the user is logged in with administrative privileges, the intruder gains complete control over the system.

heise reports that a firewall, which alerts the user about the attempt to open a port, offers some protection. Careless handling of this massege, however, may lead to the installation of the malware. An antivirus program also detected the code. If no protection mechanisms are installed on the computer, the user can check the list of open ports (netstat -a) and thus find out whether a backdoor is activated or not.

Affected were Windows XP with SP1 and SP2 as well as Windows 2000 with SP4. This security hole can be fixed by installing the security update offered by Microsoft and/or by disabling JavaScript and Popups.

Source: http://www.heise.de/security/news/meldung/58544

The article 10 Steps to Make Your PC Safer also contains more information about PC security.