Internet Explorer enables hackers to steal users' passwords

Internet Explorer Has Serious Security Flaw

Exploit enables hackers to steal users' passwords

If you're browsing the Internet with Microsoft's Internet Explorer, you could be vulnerable to hackers. That's the warning from computer experts, who say the browser has a security flaw that allows criminals to take control of consumers' computers and steal passwords.

Until Microsoft fixes the problem, experts suggest using another browser.

The technology security firm Trend Micro said its engineers detected a malicious JavaScript called JS_DLOAD.MD on several Web sites that exploits a zero-day vulnerability in Internet Explorer 7 through a heap spray on SDHTML.

After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains.

"Unfortunately, since Microsoft's security updates failed to provide protection against this vulnerability, users of Internet Explorer are at risk even while surfing the Web on fully patched Windows XP and Windows 2003 systems," Trend Micro said in an advisory.

Microsoft says seven versions of Internet Explorer, which is used by most of the world's computers, are vulnerable to this security flaw. Microsoft is now at work trying to find a security patch.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," the company said.

Security experts say those still using Internet Explorer should be very careful about which Web sites they visit, since compromised Web sites can download the Trojan. They say the rule about never clicking on a link in a spam email is especially important to follow in this case, since hackers may be using spam to direct victims to compromised sites.

Once a hacker gains access to your computer, the keylogger software can capture your key strokes, stealing user names and passwords to your bank and other secure online accounts.