KitGuru KitGuru.net – Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards
Despite it being over two years since the original Internet Explorer 6 Aurora exploit was discovered, Microsoft notified and patches issued, new exploits using the very same vulnerability are being discovered, which of course isn't Microsoft's fault, it's the fault of all those IT managers that haven't updated their company's browser versions in five years.
According to the chaps over at Zscaler ThreatLabZ, a bunch of new URLs have been discovered disseminating code that tries to take advantage of this age old exploit. As the security firm says, “The exploit is delivered via obfuscated JavaScript code, although the level of obfuscation is not very high. Some of the strings and JavaScript function names are been [sic] obfuscated.”
Once it's had its way with your non-updated Internet Explorer 6, the malicious code then tries to download a file from a specific URL, potentially further infecting your machine with trojans and all sorts of other nasties. Your anti-virus may not grab it either, as if you're using an old version of IE6, I can't imagine the rest of your machine is up to date.
KitGuru Says: So take this as a lesson. If your home or work computers are still running IE6 or you know someone else that has that same heap of updates to do, get them done, it'll be a lot less hassle in the long run.
