May 23, 2003
According to Kaspersky Labs, an international data security software developer, Microsoft hasn't reacted to its calls to issue a patch for the StartPage Trojan, which exploits a vulnerability in Internet Explorer 5.0.
StartPage is a classic Trojan - it is sent to victim addresses directly from the author and does not have an automatic send function. The first mass mailing to several hundred thousand addresses was registered in Russia on May 20.
The StartPage program is a Zip archive that contains two files: one HTML file and one EXE file. When the HTML file is opened, the StartPage code launches and exploits the Internet Explorer security vulnerability known as "Exploit.SelfExecHtml". It then clandestinely launches the EXE file carrying the Trojan program.
"It is hard to call this program dangerous, its collateral effects include only the altering of an old Internet Explorer page. Still, StartPage has set a precedent with its usage of a vulnerability for which there is not yet a patch", commented Eugene Kaspersky, Head of Anti-virus Research at Kaspersky Labs.
According to Kaspersky Labs statistics, over 85% of virus incidents in 2002 were caused by malicious programs such as 'Klez' and 'Lentin' that exploit the IFRAME Internet Explorer vulnerability. That vulnerability was discovered over two years ago, so users have had plenty of time to install the patch and protect themselves against any similar virus appearing in the future.
"With StartPage we are dealing with an open vulnerability. Users can protect themselves with anti-virus software, but not all of them have strong heuristic technology to protect against future viruses", continued Eugene Kaspersky. "A new vulnerability has been exposed that may incite the creation of a multitude of new malware that could lead to new epidemics of a global scale."
I think that a possible explanation for Microsoft's apparent reluctance to issue a patch is that Microsoft no longer supports Internet Explorer 5.0, which it replaced with Internet Explorer 5.01 and 5.5, both of which are in most cases entering their "Extended" support phase (or getting close to their End Of Life) according to the Microsoft Web site.