Criminals target old versions of Internet Explorer with zero-day attack

People using versions 6, 7, and 8 of Microsoft's Internet Explorer (IE) are being urged to take action to evade a new threat that specifically targets older browsers.

Hackers are already distributing millions of emails with link to web pages that will be able to identify and exploit the IE flaws.

Read more
Web browser and tool reviews
PC security tips 

Websense Security Labs' security research manager Carl Leonard said: "No sooner have we brought in the New Year and we're already seeing new security threats. This IE zero-day vulnerability preys on those using older versions of IE, a typical tactic used by malware authors.

Upgrading to IE 9 or 10 safeguards users from the threat, as does switching to Chrome or Firefox.

"They wouldn't go to the trouble of creating these exploits if they didn't know the older versions were still being widely used. So while many individuals resolve to get in the gym to kick-start the year, I would urge companies to do the same and get their security in the best shape it can be."

Microsoft is always urging users of its IE browsers to upgrade to the latest versions which offer better security. People using other browsers should always ensure they install upgrades according to security experts. The hackers using the current vulnerability in the older versions try to lure victims to visit a malicious Web site.

Once there, because of the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated, they can gain access to a vulnerable PC.

Internet Explorer versions 9 and 10 are not listed as being vulnerable.