Windows XP users who have installed Service Pack 2 were not affected by the IFRAME exploit due to buffer-overflow protection incorporated in SP2. But LURHQ said that may not last. “A new, unrelated exploit has just been released that allows remote code installs on SP2, and it is expected that adware vendors/trojan authors will begin to use it in the near future,” the security service noted.
Other reports surfacing this weekend suggested that spyware and malware authors are making widespread use of Internet Explorer security holes to install software. Spyware researcher Ben Edelman encountered a URL that auto-installed 16 different spyware or adware programs. “I was not shown licenses or other installation prompts for any of these programs, and I certainly didn’t consent to their installation on my PC,” writes Edelman.
The latest incidents are prompting a fresh round of recommendations that Web users abandon Internet Explorer in favor of alternate browsers, at least until the IFRAME hole is addressed. The Internet Storm Center gave that advice in its initial reports Saturday, and The Register today urged readers to “strongly consider running an alternative browser (to Internet Explorer), at least until Microsoft deals with the issue.”