Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Optimized IE Exploit Speeds Up Infection

A new twist on the existing exploit of Internet Explorer's zero-day vulnerability has slashed the time it takes to compromise a computer, a security company claimed Friday.

According to Sunnyvale, Calif.-based Fortinet, the exploit -- dubbed "JS/CreateTextRange.B" to differentiate it from the original -- takes much less time to execute.

"In this version, the time to wait before the execution of the payload (aka hacker's code and potentially damaging payload) is minimized," said Fortinet's alert.

The change could be significant, since the one exploit now in circulation takes 5 to 10 seconds to execute, said Dan Hubbard, senior director of security and research at Websense.

"Some people give up and close their browser before that finishes," he said. The relatively long time for exploitation, he said, is in contrast to the Windows Metafile attack earlier in the year. "In that, as soon as you hit a page, you were infected," he said.

  • 1