Internet Explorer flaw leaves computer users at risk

Computer users are being warned that a vulnerability in Internet Explorer (IE) could allow criminals to hijack their PCs.

Security firm Symantec said so far cybercriminals have been using the flaw, which affects IE 6, 7 and 8, to target their attacks on businesses.

This vulnerability is directly linked to the zero-day attacks against Google and Adobe last week. Google said the “highly sophisticated” and co-ordinated hack attack against its corporate network originated from China. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists.

However, Symantec warned that cybercriminals will target anyone who is using the vulnerable browser and is not protected. In its blog, the company said the attack has revolved around Trojan.Hydraq. The flaw allows this malware to download and opens a back door on a compromised computer.

"It’s likely cybercriminals could create an exploit in the near future that targets regular computer users. In fact, it takes just an average seven days for a vulnerability to be exploited," said Symantec.

"Cybercriminals will use tricks like spam, phishing, or fake websites that show up on search results to lure people to an infected site.

"If [your computer is] infected by a threat that exploits this vulnerability, cybercriminals could do anything from stealing personal information on your computer to taking over your computer so it becomes part of a bot network.”

However, security experts from Australia's computer emergency response team, AusCert say people shouldn't panic. It said although Microsoft has not yet issued a patch to fix the issue, people using IE8 have certain built-in protections.

On the Stay Smart Online website, it gives advice on how people can protect themselves; including using another browser until Microsoft releases an update.

Symantec said Norton customers are protected but not all security software is made equal. Anti-virus alone will not protect against zero-day vulnerability because anti-virus software needs to know about a threat first so that a signature can be created to detect the threat.

It has set up a website, every click matters, and said people must ensure they download all security patches for third-party software including programs such as IE and Adobe.