Internet Explorer users warned over hijack threat
Internet Explorer users are at risk of a vulnerability that could allow hackers to hijack computers, according to software giant Microsoft.
In a security bulletin issued by the company, Microsoft says the flaw affects all versions of Windows, but it hasn’t yet encountered “indications of active exploitation”.
But Microsoft’s Angela Gunn says the whole intent of an attack would be to convince users to share their information.
“An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it,” Gunn says.
“When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session.”
Microsoft says it is working on a permanent security fix, with a temporary one currently available through the company’s website.
Meanwhile, internet security firm AVG predicts 2011 to be another big year for cyber criminals as they aim their attacks at Facebook and smartphones.
“Last year showed that government, industry and security experts worldwide are making a serious attempt to create a unified front against cyber criminals,” AVG says.
“But we also need to defend ourselves as users and as businesses, and we still have a long way to go... In the business world, many organisations are relying more on web-based technologies but aren’t investing in stronger IT defences.”
AVG security evangelist Lloyd Borrett identifies the top five online security threats in 2011:
1. Mobile devices
Borrett says tablet computers and smartphones will become an increasingly important target for cyber criminals this year.
“Mobile devices are constantly connected, and substantially less protected, than a personal computer… Users shrug off mobile security solutions and carelessly broadcast financial, account and other personal data such as their exact location while on the go,” he says.
“That’s why it’s important to protect your Android smartphones with security software.”
2. Small businesses
According to Borrett, 85% of small businesses fail to see the dangers associated with the internet.
“Small business owners often do not have proper security policies and enforcement measures that can educate workers how to be safe online and not act in a way that puts the company network at risk,” he says.
3. Social search
“Now that Google indexes Twitter and other user-generated content as it occurs, there is no end to the havoc cyber criminals can create with fake and hijacked accounts spewing misleading malicious links that appear in search streams,” Borrett says.
He says although there are security measures available to protect people from social search threats, it is essential that everyone is always on the lookout for them.
“As long as bugs are found, as long as users don’t regularly update their apps, and as long as users continue to let rogue Trojan horse applications into their castle, applications will be a big thorn in the side of security,” Borrett says.
“In 2010, we saw a huge increase in the frequency and intensity of Adobe Reader, Flash and various Facebook application attacks.”
5. The cloud
Borrett says cloud computing will continue to be embraced by businesses and consumers this year, presenting a growing opportunity for cyber criminals.
“It is inevitable that hackers will turn their attention to data-rich warehouses bursting with information they can steal and profit from,” he says.