AMSTERDAM (Reuters) -
A new computer worm emerged on Tuesday which broke the speed record
from the announcement of a security vulnerability in Microsoft's
Internet Explorer to a full-blown virus that spreads in the wild.
The vulnerability was discovered and made public by two hackers with
aliases "ned" and "SkyLined" on Friday, and only four days later a
worm exploiting the weakness was developed and set loose, several
virus-trackers reported.
Microsoft said the worm is a variant of MyDoom and that it was
investigating the threat the worm poses.
Some anti-virus companies said the new worm was different from MyDoom
because it spreads via weblinks and not e-mail attachments.
"People will receive an e-mail saying that their PayPal account has
been credited or that they are invited to watch a webcam. When they
click on the link, just by viewing a site it executes code and infects
the computer," said technical consultant Graham Cluley at Sophos
Anti-Virus.
Microsoft was expected to issue its monthly batch of security patches
later on Tuesday, but the company could not immediately say if a patch
for the new worm would be part of it.
However, the U.S. software giant said that consumers who had installed
Service Pack 2 for Windows XP were at a reduced risk.
The weakness in Internet Explorer is known as the IFRAME buffer
overflow vulnerability.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, Reuters News Service.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml