A recently uncovered vulnerability in Internet Explorer can expose computers to “drive-by downloads”, Trojan horse programs that are installed through innocuous looking pop-up windows. The team at Microsoft’s Security Response Center is working on a patch and plans on releasing it next month.
The vulnerability was outlined in a recent Microsoft security advisory and several malicious websites have already be set up to push the Trojan horse to web surfers. Dubbed the “Sdbot” Trojan horse, the program opens up an Internet Relay Chat (IRC) channel and allows hackers to take complete control of the victim’s computer.
On the MSRC blog, Program Manager Stephen Toulouse says the patch is being finalized and is “on schedule testing wise to be released”. Microsoft plans on including the patch in the round of updates slated for April 11, 2006, but Toulouse adds, “we’ll release it sooner if warranted”.