Internet Explorer 8 exploit blamed for attacks on several websites

On Friday, Microsoft confirmed that a zero-day exploit had been found in Internet Explorer 8, the most used version of the company's web browser. Now there's word that a number of websites have been attacked via this exploit and have been infected with malware as a result.

Last week, the security firm Invincea claimed the IE8 exploit was used by hackers in attacks directed against websites run by the U.S. Department of Labor and U.S. Department of Energy. Now another security company, AlienVault, has posted word on its blog that "at least 9 other websites were redirecting to the malicious server at the same time. The list of affected sites includes several non-profit groups and institutes as well as a big European company that plays on the aerospace, defense and security markets."

Microsoft has said that it is already working on a patch for IE8 that will close this exploit, but there's no word on when it will be released. In the meantime, users have been advised to upgrade to IE9 or IE10 if they can do so. The company has also offered some workarounds for people and companies who can't or won't stop using IE8.

Source: AlienVault via ArsTechnica | Image via Microsoft

Report a problem with article
Previous Story

Next Xbox won't require always on connection after all

Next Story

Barnes & Noble has one week price cut on Nook HD tablets

20 Comments

Commenting is disabled on this article.

These are some of the dumbest comments I've ever read on here!

Not even I can set and bash something that is related to something as old as IE8 and XP like you people!

Why can't you people get over it? Both are going to be used for quite some time yet. As long as it isn't your stuff running it or getting messed up because of it, just leave it alone!

People still use IE? Weird

Friends don't let friends use IE. Help them learn about the good browsers. I bet they aren't familiar with browsers generally.

PC EliTiST said,
People still use IE? Weird

Friends don't let friends use IE. Help them learn about the good browsers. I bet they aren't familiar with browsers generally.

IE 10 has really turned things around. According to W3 tests, IE's implementation of HTML 5/CSS is the most correct. It has a very secure sandbox making it one of the most secure browsers. It also the features the best hardware acceleration and wins most real world speed benchmarks. Thinking IE is slow, not following standards, and full of security holes is naïve and outdated.

Game launchers break when I set IE's security settings to high.

Yet another reason why I can't stand developers who choose to force the use of IE in their launchers. Either use your own web engine (webkit for example) or use the default browser; otherwise don't bother making a launcher at all and do it within the client.

Bad development practices continue to cause problems; wonder when this is going to change.

Because those are low-budget games usually and probably use cheap third-party tools. I imagine you're mainly talking about free to play games?

Using IE9 and now 10, I've never needed to turn the security settings to High. Using a modern OS and web browser, you shouldn't need to turn security settings to 11. Of course it's going to break things when you do!

Using functionality provided by the OS instead of shipping duplicate functionality that you need to constantly monitor for updates becoming available and then ship these security updates to all of your users is bad practice...who knew??

efjay said,
Why should they?

That way they can lose lots of money and give Google + Mozilla all the browser business/money. Why not? It's not like that'll harm them.

That's because if they didn't recommend other solutions, someone would have died going over the Brooklyn Bridge. heh.

But srsly. Not helping my case man. I'm trying to prove that Pluto (as well as not being a planet) made a very stupid comment, and should be unmercifully bashed for it. lolz.

rr_dRock said,
That's because if they didn't recommend other solutions, someone would have died going over the Brooklyn Bridge. heh.

But srsly. Not helping my case man. I'm trying to prove that Pluto (as well as not being a planet) made a very stupid comment, and should be unmercifully bashed for it. lolz.

Hey you don't wanna go there man. You have no idea what sort of background I have on Pluto's planethood and the arguments I can make that make Pluto being called a dwarf planet is retarded. It's not that I'm even that devoted to Pluto, it's just that's my online identity so I better know a whole bunch about it.

Yes I do make stupid comments sometimes (and I generally can't even tell whether it's stupid or not), but it's never an insult and it's never me being a fan of one company. But how can you believe I should be unmercifully bashed for what I said? Is your own comment even unmercifully bashing me? Do you think that I'm genuinely surprised about Microsoft's recommendations of solutions to this? I just pointed out that they only recommended solutions for an old browser that meant sticking with IE, even if it meant sticking with IE8.

Yeah, because when your Chevy breaks, they tell you to go buy a Ford in the meantime. /s

My roommates taken his VW in for warranty work at a dealer (VW only) and they gave him a ford focus to drive around for 3 days. Kindoff funny.

Pluto is not a planet. The internets tell me so, so it must be true. (Whether or not scientifically it is doesn't matter when the internet says otherwise.)

Anyway, if you'll notice, I in fact did NOT bash you unmercifully, just made a quick jab at the intelligence of a company recommending another companies product.... I know you can't be genuinely surprised at the fact they didn't tell people to move to FF or Chrome, as you have something of a brain (evidenced by the fact that you can spell and use punctuation correctly, as far as I have seen) I am surprised however, at how much money I saved by switching to Geico.


Srsly though. Your comment is either supreme troll or about as good of an idea as washable bread.