When these guys get involved, it is safe to say that something big is going down. The United States Department of Homeland Security issued an alert on Monday concerning the Internet Explorer bug linked to countless computer hackings. The United States Computer Emergency Readiness Team (US-CERT), a division of the Deparment of Homeland Security, in essence told all users of the popular Internet Explorer browsing software to “stay away” from the program until Microsoft can develop a security update for the virus-prone software.
The US-CERT team said in the advisory that computers running Internet Explorer versions six through 11 are susceptible to complete compromise if users attempt to run the program. Also, the team warned that any Microsoft XP users will not have any security update available as Microsoft stopped offering technical support for XP operating systems at the beginning of the year. Internet security agencies estimate that anywhere from 15 to 25 percent of the world’s computers still run on the antiquated, 13-year-old operating system. The United States’ government advises computer users to turn to internet browsing alternatives such as Google’s Chrome and Mozilla’s Firefox while Microsoft works toward a solution to the Internet Explorer bug. For XP users, the feds say that this change should be a permanent one.
NetMarketShare, a global research firm, estimates that around 55 percent of all internet browsing done around the world is performed with one of the infected versions of Internet Explorer, from version six all the way up to the most current version, 11. This estimate puts hundreds of millions of computers at risk of being compromised. Microsoft says that the Internet Explorer bug allows hackers to view, change or delete computer data while giving them the ability to take complete control of an operating system. While in control the hackers can install spyware and malicious programs as well as create accounts that can give the hacker full access to a bevy of personal information and property.
So far US-CERT claims that the overwhelming majority of hacking activity related to the Internet Explorer bug has been at the expense of firms based in the United States that are linked to the financial and military defense sectors. FireEye Inc., the sofware security company that first spotted the Internet Explorer bug, said that the bug has already been exploited by some elite level hackers under a campaign named ‘Operation Clandestine Fox.’ FireEye did not disclose any specific suspects or victims of the campaign, but said that the hackers are extremely difficult to track and also very good at lateral movement. Both US-CERT and FireEye are not sure what the possible motive of Operation Clandestine Fox is, though judging by recent attacks it appears that hackers are currently trying to gather financial and military intelligence to mount further attacks down the road.
US-CERT and various internet security firms are concerned that copycat hackers will run amok until Microsoft can quickly develop a security update for Internet Explorer. Aviv Raff, chief technology officer for internet security firm Seculert, says that hackers are already scrambling to learn as much about the Internet Explorer bug as possible to take full advantage before Microsoft develops an adequate defense. Raff says that Microsoft has to work quickly to prevent a snowball effect from happening very soon.
By Jeremy Mika