International data security software developer Kaspersky Labs reports that a new Trojan program, StartPage, is exploiting an Internet Explorer vulnerability for which there is no patch.
Kaspersky Labs says StartPage is the first malware to infect computers via the "Exploit.SelfExecHtml" vulnerability in the Internet Explorer security system.
The company warns that if a patch is not released soon, other viruses could exploit the vulnerability, resulting in what the company calls “a long-lasting, large-scale epidemic that could surpass even the Klez epidemic”.
By Tracy Burrows
May 22, 2003
In a warning issued today, Kaspersky Labs says StartPage is sent to victim addresses directly from the author and does not have an automatic send function. The first mass mailing to several hundred thousand addresses was registered in Russia on 20 May.
The StartPage program is a Zip-archive that contains an HTML file. Upon opening the HTML file, an embedded Java-script is launched that exploits the "Exploit.SelfExecHtml" Internet Explorer security system vulnerability and clandestinely executes an embedded EXE file carrying the Trojan program.
Article continues... IT Web
Posted on Thursday, 22 May 2003 @ 08:04:49 UTC by cj (1674 reads) [ Trackback ]
Kaspersky Labs says StartPage is the first malware to infect computers via the "Exploit.SelfExecHtml" vulnerability in the Internet Explorer security system.
