IE SECURITY THREAT

Gopher Attacks Are Latest IE Security Threat

The Gopher protocol has been forced underground since the advent of the World Wide Web. But the original Internet surfing technology can still put a nasty bite on users of Microsoft's Internet Explorer browser, a security researcher warned today.

A Gopher client nestled in the darkest corners of IE's code contains an exploitable buffer overflow bug that could allow a malicious server to run arbitrary code on a victim's computer, according to an advisory issued today by Jouko Pynnonen of Finland's Online Solutions.

The Web's Latest Threat: Smarter 'Zombies'

As if zombie PCs -- computers taken over by hackers and used to distribute spam and malware -- weren't already bad enough, they are now harder to prevent than ever before.

That's because they're getting smarter and harder to track down, according to security software vendor Commtouch. New zombies now routinely request new IP addresses from their ISPs, so anti-spam software that works by blocking spam based the originating IP addresses can no longer effectively halt them, the company said in its most recent quarterly Internet Threats Trend Report.

While some ISPs deny their request to change IP address, others accede, giving them new IP addresses in real time, Amir Lev, chief technology officer at Commtouch (NASDAQ: CTCH), told InternetNews.com. The result is that zombies can change addresses much faster than most security services and software can respond, which means their users are not protected, Lev said.

Commtouch's findings signal the latest setbacks in the war on spam and botnets -- networks of zombie PCs. Spam and botnet activity fell sharply late last year after major spam host McColo was shut down in November.