The Inquirer-Home

Internet Explorer trojan problem still not patched

No crown filling from Vole$oft as yet
Fri Oct 03 2003, 19:23
A TROJAN called QHosts-1 continues to lurk on the Interweb, with the only fix right now being disabling active scripting or de-registering .HTA files.

The trojan allows the wicked to automatically execute code, and while the AV companies have upgraded their software, there's still no solution to the problem.

De-activating active scripting is a headache, while de-registering .HTA files means you've got to mess about with the Windows registry, which many people are reluctant to do. And who can blame them.

There's a description of the problem here, while there's a much longer write-up over at NT Bugtraq, here.

The problem is that even when Mr Trojan goes away, the hole is still there, waiting to be filled, and giving network admins the heebie jeebies.

There's already another Trojan exploiting this hole. It's called Backdoor AZV, according to some. Check here.

Ken Dunham, who has the odd title of director of malicious code at iDEFENSE, said disabling ActiveX controls only works for IE 6.x anyway. And IE 5.5 is vulnerable when ActiveX is disabled but active scripting is enabled.

He said: "iDEFENSE first reported on two new Trojans using this exploit on Oct. 2, 2003. One Trojan works as a SOCKS4 proxy. SOCKS4 proxies are used by attackers to tunnel through a computer for covert IRC communications. The other Trojan installs an IRC bot that an attacker can then remotely control for malicious purposes. A dramatic increase in Trojan activity and in the wild attacks related to this 0-day vulnerability has occurred over the past seven days."

Microsoft hasn't said when it will release a patch yet, said Dunham, and the Object Data vulnerability thus leaves us wide open to a rash of Trojans during 2003, he reckoned. The earlier patch just doesn't work. µ
