A major problem has emerged with Microsofts Internet Explorer browser after it was revealed that hackers can easily use it to access computers and steal personal data.
Because IE is used by seven out of every ten computers in the world, the flaw is potentially very serious. Microsoft is trying to put together a patch, but in the meantime computer users have been advised to update their security settings or switch to unaffected browsers such as Googles new Chrome, Firefox or Opera.
The flaw was spotted last week when hackers started attacking users of IE 7. The flaw, however, has also been found in earlier versions of Microsoft’s browser, IE 5 and IE 6.
Industry experts claim that two million computers have already been affected as Microsoft conceded that 1 in 500 internet users may have been exposed. The software Company said that it is considering the release of an emergency update to correct the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the browser, but gave warning that other versions are also potentially vulnerable.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market.
According to the Guardian newspaper in the UK the latter scored highest in a recent set of tests of how browsers deal with password security, by security consultants Chapin Information Services. Firefox came second with IE mid-table. Google’s new browser, Chrome, and Safari 3.2 for Windows tied in last place.
The flaw in IE allows criminals to gain control of computers that have visited a website infected with malicious code designed to exploit it. While restricting web surfing to trusted sites should reduce the risk of infection, the malicious code can be injected into any website. Users do not have to click or download anything to become infected, merely visiting an infected website is sufficient.
Antivirus software specialists Trend Micro believe as many as 10,000 sites have been hacked to exploit the flaw. Sites that have been compromised so far, however, are mostly Chinese and the attackers seem intent on stealing people’s computer game passwords in order to sell them on the black market rather than looking for personal details such as bank accounts.