Press Releases

Browse our press release archive

02 Dec 2005

Hackers exploit unpatched Internet Explorer bug to install malware

The Clunky-B Trojan horse exploits the Microsoft vulnerability, allows hackers to gain access to the PC. Image copyright (c) Sophos
Clunky-B exploits the Microsoft vulnerability, allowing hackers to gain access to the infected PC.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users to take care when surfing the web, following sightings of malware which has been planted on websites exploiting an unpatched Microsoft security vulnerability.

The security vulnerability, which is not yet patched by Microsoft, allows hackers to run malicious software (such as a Trojan, virus or worm) on a user's machines when they visit a website containing the exploit code.

The vulnerability affects Microsoft Internet Explorer on the following operating system platforms: Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 Service Pack 4, Windows XP Service Pack 1, and Windows XP Service Pack 2.

Sophos experts have seen malware posted on websites using the vulnerability, including the Troj/Clunky-B Trojan horse (protected against since November 30 2005).

"Microsoft will be fuming that the security of their software is being brought into question before they have had a chance to issue a security patch," said Graham Cluley, senior technology consultant for Sophos. "Microsoft's next bundle of security patches are not due until 13 December, and it will be interesting to see if they decide to break the cycle and release a patch earlier in response to the increasing number of exploits of this problem."

"Everyone who uses the net needs to be very careful about what websites they visit, which email links they click on, and to ensure their defenses are always up-to-date," continued Cluley. "It wouldn't be a surprise if more malware was distributed that took advantage of this vulnerability in Microsoft's code."

Until a fix is available from Microsoft, concerned computer users should consider changing the configuration of Internet Explorer to turn off, or prompt before, allowing Active Scripting to run.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection and appropriate firewall defenses.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at