A vulnerability affecting Internet Explorer versions 6 through 10 could make it possible for a hacker to monitor the movements of your mouse, even if the browser window is minimized.
According to U.K.-based Web analytics firm Spider.io, this means that passwords and PINs could be captured by a canny thief if they are typed on an onscreen keyboard. What's more, it's already being exploited by two display advertising networks, the company said, though it did not name them.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
MORE SECURITY: With BYOD, data breaches just waiting to happen
"As long as the page with the exploitative advertiser's ad stays open -- even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer -- your mouse cursor can be tracked across your entire display," Spider.io said. The company added that, while the problem has been acknowledged by the Microsoft Security Research Center, there are apparently no immediate plans for a patch.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Read more about wide area network in Network World's Wide Area Network section.
This story, "IE exploit can track mouse cursor -- even when you're not in IE" was originally published by Network World.