Trojan horse conveys IE users to porn
The JS/Seeker-E script can arrive by e-mail or can be embedded into a Web page: When a user opens the e-mail or clicks on the Web page, the script is activated. Once activated, Seeker attempts to change the user's IE settings, such as the start page and search settings, and will redirect the infected user to a porn site.
"It isn't terribly damaging, as it exploits a bug in IE that was first found in October 2000," said Graham Cluley, senior technology consultant at security firm Sophos. "Seeker will only affect those who have not updated their necessary patches."
The security vulnerability that Seeker attacks is in the Microsoft virtual machine ActiveX component. This same vulnerability allows other, more malicious scripts to do a lot more damage. A patch for the hole was released by Microsoft at the end of October 2000, but other holes have since appeared in Internet Explorer that let other types of malicious scripts attack users' PCs.
On Thursday a new vulnerability was detected in IE that could allow the execution of malicious code on systems running IE 5.5 and 6.0 of the browser. A security fix was released for a similar hole, found in November by Finland-based security firm Oy Online Systems, but the patch itself seems to have created a new glitch. The latest bug is in the Microsoft GetObject JScript function, and could allow a malicious user to execute arbitrary programmes on a compromised system.
Staff writer Wendy McAuliffe reported from London.