Security researchers warned Web surfers on Thursday to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection. The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.
The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site. "It is not epidemic, but it is being seen," said Alfred Huger, senior director of engineering for security firm Symantec. "Do we think it is serious? Yeah. It's a concern and it's insidious."
The tactic is not new. Earlier this month, an independent security researcher found an aggressive advertising program, known as adware, that installed itself onto a victim's computer via the same two flaws in Internet Explorer. A large financial client called in Symantec in late April after an employee's system had been infected when he used Internet Explorer to browse an infected Web site. Last fall, a similar attack may have been facilitated through a mass intrusion at Interland, said sources familiar with that case.
News source: news.com