New vulnerability endangers Internet Explorer users

By: Doug Zbikowski

iewarn

UPDATE (May 1, 2014, 1:30pm ET): Microsoft has released an emergency patch for the Internet Explorer vulnerability. In a surprise move, they also released an update for Windows XP! Head over to Windows Update to get it.

A new bug has been discovered that could put Internet Explorer users at serious risk. Until the problem is fixed security experts are calling on users to switch to an alternative browser such as Google Chrome or Mozilla Firefox. In a rare move, the US Government is advising to users to switch to another browser until Internet Explorer is fixed.

On April 26th, 2014, Microsoft announced that all versions of Internet Explorer are at risk for “drive-by” attacks from malicious websites. This new vulnerability, dubbed CVE-2014-1776, has the potential to give hackers direct access to your computer, allowing infected web sites to install malicious applications, create new Windows accounts, and change or delete data stored on the computer. Disturbingly, these attacks have actually been observed in the wild by Internet security firm FireEye, who started observing this type of attack as early as February. Microsoft says attacks seem to be coming from websites that feature advertisement feeds or user-provided content where an attacker could insert malicious code. At this time it is unknown whether Microsoft will release an emergency patch or wait until patch Tuesday on May 13th to fix the vulnerability. Read more of this post

Be careful out there: Conduit Search spyware is annoying the Internet

UPDATE: In early 2014 a more aggressive version of Conduit Search started showing up. If the below instructions are not effective, we would suggest using Malwarebytes to remove the infection. You can download a free version of Malwarebytes here. (During installation, you may want to uncheck the “Enable free trial of Malwarebytes Anti-malware Premium” box if you don’t want a 30 day trial of the premium software to install.) Once installed, simply click “Scan Now” and Conduit Search (as well as any other infections) should be cleared up pretty quickly. Business professionals may want to consider TOAST.net’s Managed Antivirus product instead, which will block and clean infections as well as send you a regular security report to help you manage your network.

_______________________________________________________________________

Original Article:

We’re seeing a lot of reports of something called Conduit Search showing up on customer computers over the last few weeks, causing problems ranging from an inability to get to certain websites to getting completely locked out of your Internet connection. Conduit Search is essentially a
browser hijacker: a program or an add-on that attaches to your web browser and changes settings in ways you did not authorize.  In this case, browsers that are infected with Conduit will have their home page changed to search.conduit.com, and any searches performed will go through Conduit’s search engine rather than Google, Bing, Yahoo, or whatever search engine you are used to using. This search information is collected by Conduit for marketing and ads, then search results are displayed that make the business money with each click. Read more of this post
%d bloggers like this: