Trojans washes over unpatched IE
Two Trojans have been seen in the wild that target an unpatched bugs in Microsoft Internet Explorer. The trojans, which only require users to visit a spoof website without clicking anything, were spotted by the media friendly antivirus company Sophos.
Called Clunky-B and Delf-LT, the exploits could allow malicious code to be executed remotely on a user's PC.
Microsoft was expected to release an emergency patch to cover the flaw this week, as most anti-virus companies consider that the flaw rates an 11 on a scale of one to 10.
However, so far the only thing seen from Vole has been an advisory last week, which does not really provide much help at all. Microsoft is supposed to issue a round of security patches next Tuesday, but it is not clear that the flaw will be tackled in that wave either.
In fact a spokeVole actually "refused to confirm" that a patch will be available in the next round of updates. This is VoleSpeak for "we are not really sure if the paint will be dry in time". Sophos is advising punters to turn off the Active Scripting facility in Internet Explorer, as a stop-gap measure until Microsoft gets its act together.