These days the Internet reads like a bad movie script. Reuters reports that security holes in Microsoft’s Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, according to eEye Digital Security, which discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things.
The attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging. When the Web site appears, it downloads code that can execute commands on its own onto the unsuspecting computer user’s machine, according to Copley. An attacker has written a program that uses a security hole in Internet Explorer to hijack an already running AOL Instant Messenger account, changes the password and send a message to the buddies list with a link to the malicious Web page, according to postings on the Bugtraq security e-mail list.