Fake BBC e-mails seek to exploit IE flaw

Attackers are using messages with BBC article excerpts to trick people into visiting a Web site that exploits the Internet Explorer createTextRange flaw.

If you receive an e-mail with snippets of news from the BBC, beware. They're not what they seem.

Attackers are spamming out these messages and hoping readers will click on a link to "read more." Those who do will be sent to a Web site that exploits the createTextRange flaw in Internet Explorer, dropping keyloggers onto victims' machines that can be used to steal bank account information.

That warning comes from San Diego-based Websense Inc., which offered details on its Web site, including a screen shot of an infected Web page.

"These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'read more,'" Websense said. "Users who follow this link are taken to a Web site that is a spoofed copy of the BBC news story from the e-mail."

The Web site then attempts to exploit the unpatched vulnerability by installing a keylogger on a victim's machine. "This keylogger monitors activity on various financial Web sites and uploads captured information back to the attacker," Websense said.
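The campaign described above pairs a genuine-looking excerpt with a "read more" link whose destination host does not belong to the quoted source. As an added example that is not part of the original article, the following Python check flags anchors whose destination host falls outside a brand's known domains whenever that brand is named in the message body or in the link text; the `BRAND_HOSTS` allow-list, the helper names and the sample messages are constructed for illustration.

```python
"""Flag e-mail links that quote one brand but point at another host.

Added example, not code from the original article. It checks for the
pattern the article describes: a message quoting a news source (here the
BBC) whose 'read more' link leads to a look-alike site. The allow-list
and the sample messages below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list: hosts the quoted brand legitimately uses.
BRAND_HOSTS = {
    "bbc": ("bbc.co.uk", "bbc.com"),
}


class _LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one.
    A suffix check on '.domain' stops 'bbc.co.uk.evil.example' matching."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def suspicious_links(html_body):
    """Return links whose destination host is outside the domains of a
    brand that the message body or the link text mentions."""
    parser = _LinkCollector()
    parser.feed(html_body)
    body_text = re.sub(r"<[^>]+>", " ", html_body).lower()
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        for brand, allowed in BRAND_HOSTS.items():
            mentioned = brand in body_text or brand in text.lower()
            if mentioned and host and not _host_matches(host, allowed):
                findings.append(
                    {"href": href, "text": text, "host": host, "brand": brand}
                )
    return findings


# Constructed sample messages (not real campaign content).
SAMPLE_PHISH = """
<p>BBC NEWS: Excerpt of a real story goes here ...</p>
<a href="http://news-bbc.example.net/story.html">Read more</a>
"""
SAMPLE_LEGIT = """
<p>From BBC News</p>
<a href="http://news.bbc.co.uk/2/hi/story.stm">Read more</a>
"""

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, suspicious_links(body))
```

The check is deliberately conservative: it only fires when a brand is actually named and the link host is neither that brand's domain nor a subdomain of it, so ordinary newsletters with tracking links on unrelated hosts are not flagged unless they quote a listed brand. Look-alike hosts such as `news-bbc.example.net` or `bbc.co.uk.evil.example` are flagged because the suffix test requires a dot before the allowed domain.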

To date, more than 200 Web sites have reportedly been uncovered that exploit the createTextRange flaw, but the spoofed BBC site appears to be the first example of a specific e-mail campaign purporting to be from a legitimate source that tries to trick recipients into visiting an illegitimate site.

Concern over the security hole and a fear of this type of exploit prompted Aliso Viejo, Calif.-based eEye Digital Security Inc. and Redwood City, Calif.-based vulnerability protection firm Determina Inc. to release their own fixes.

Microsoft has been developing a patch and plans to have it ready April 11, or perhaps sooner if warranted. However, in a Tuesday post to the Microsoft Security Response Center blog, Security Program Manager Mike Reavey said the software giant had not seen an increased spread of attacks, and has been working with law enforcement to deactivate malicious Web sites.

"But attacks are still occurring," Reavey said, "so we certainly still recommend up-to-date AV software and our safe browsing guidance while we work on the update, and have updated the security advisory with a list of VIA partners that are currently providing protection."

This article originally appeared on SearchSecurity.com.
