Richard M. Smith wrote:
Has anyone ever looked into how often security holes in Internet
Explorer are actually used in viruses, worms, Trojan horses, and other
malware? My sense is that very few of them are actually used in the
Define "how often". It's either every day, or somewhere around 1 in 30
The KaK and Klez worms both use IE security holes to do their
dirty work, but most other Windows viruses seem to rely on social
engineering and standard features of Microsoft products.
If folks know of other malware that make use of IE security holes,
please let me know. I'm putting together a little list.
Nimda. There must be a few more as well. I still constantly get email
that tries to use various IE exploits, and I don't believe they're all
Nimda, Kak, and Klez.
Full-Disclosure - We believe in it.