Porn Trojan exploits old Microsoft hole

A new Trojan horse is redirecting Internet users to pornographic Web sites by exploiting an old vulnerability in Microsoft Internet Explorer (IE).

The JS/Seeker-E script can arrive by email or can be embedded into a Web page: when a user opens the email or clicks on the Web page, the script is activated. Once activated, Seeker attempts to change the user's IE settings, such as the start page and search settings, and will redirect the infected user to a porn site.

"It isn't terribly damaging, as it exploits a bug in IE that was first found in October 2000," said Graham Cluley, senior technology consultant at security firm Sophos. "Seeker will only affect those who have not updated their necessary patches."

The security vulnerability that Seeker attacks is in the Microsoft virtual machine ActiveX component. This same vulnerability allows other, more malicious scripts to do a lot more damage. A patch for the hole was released by Microsoft at the end of October 2000, but other holes have since appeared in Internet Explorer that let other types of malicious scripts attack users' PCs.

On Thursday a new vulnerability was detected in IE that could allow the execution of malicious code on systems running IE 5.5 and 6.0 of the browser. A security fix was released for a similar hole, found in November by Finland-based security firm Oy Online Systems, but the patch itself seems to have created a new glitch. The latest bug is in the Microsoft GetObject JScript function, and could allow a malicious user to execute arbitrary programmes on a compromised system.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.