Microsoft sees 'huge increase' in IE attacks

Microsoft warned Saturday of a "huge increase" in attacks exploiting a critical unpatched vulnerability in Internet Explorer (IE), and said some originated from hacked pornography sites.

Other researchers confirmed that attacks were increasingly coming from compromised Web sites.

[ Related: "IE5, IE6 also affected by browser vulnerability" and "Chinese team mistakenly released unpatched IE7 exploit" | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Microsoft noted the upswing in attacks on the company's Malware Protection Center blog late Saturday. "The trend for now is going upwards," said researchers Ziv Mador and Tareq Saadecom on the blog. "We saw a huge increase in the number of reports today compared to yesterday."

Hackers have been exploiting a data binding bug in IE for more than a week, according to researchers who first noted in-the-wild attack code on Chinese servers. The vulnerability, which exists in all versions of the Microsoft browser, including IE5.01, IE6, IE7, and IE8 Beta 2, has so far been exploited only by attack code that targets IE7, the most widely used edition.

Mador and Saadecom said that attacks are increasingly being launched from legitimate Web sites. "Some legitimate Web sites were maliciously modified to include the exploits," the two said. A popular Taiwanese search engine and a Hong Kong-based pornography site were among the sites hacked, then set up to attack visitors running IE.

Researchers at Trend Micro also reported a big increase in hacked sites serving exploits aimed at the new IE bug. On Saturday, the security firm estimated that about 6,000 sites have been infected so far, noting that the count was "quickly increasing in number."

As in previous, large-scale attacks based on legitimate Web sites, this one involves hackers who execute SQL injection attacks to first compromise the site. In a SQL injection attack, hackers exploit vulnerabilities in Web applications that rely on a back-end database, which then gives them a way to add and run malicious code, usually rogue JavaScript, against any browser.