Internet Explorer vulnerability lets hackers track your mouse movements

Status
Not open for further replies.

Fiery

Level 1
Thread author
Jan 11, 2011
2,007
A vulnerability found in Microsoft's Internet Explorer allows hackers to track the movements of your mouse cursor across the screen, which could in turn reveal data entered on virtual keyboards.

Virtual keyboards and keypads can be used to reduce the chance of a keylogger recording every keystroke and therefore being able to "read" your passwords. However Spider.io discovered that Internet Explorer versions 6 to 10 make it possible for your mouse cursor to be tracked anywhere on screen, even if the IE tab is minimized. You can see a video demonstration of the vulnerability embedded in this post, or you can try it yourself at this link (provided you are browsing with IE).

This particular vulnerability is of concern, because if you use Internet Explorer your mouse movements can be recorded even if you never install any software. A hacker simply needs to buy a display advertising placement on any webpage you visit. As long as the tab with the ad remains open, mouse movements can be tracked.

The analytics company disclosed the vulnerability to Microsoft back in October, but has now gone public. The Microsoft Security Research Centre recognizes that there is a vulnerability but has said that there are no immediate plans to patch it. Spider.io says that a number of Web analytics companies are already making use of this ability to track cursor movements.

Read more: http://arstechnica.com/security/2012/12/internet-explorer-vulnerability-lets-hackers-track-your-mouse-movements/
 

Gnosis

Level 5
Apr 26, 2011
2,779
Always coming up with something..................
It is an infinite back and forth between security and malicious activity.
 
P

Plexx

It is inevitable. One needs to keep the balance of things.

Without exploits etc, there would be just a plain choice of software and no one would really make money or anything.

With exploits, holes, etc, there is competition. Where there is competition, there is innovation and improvements.

Can we imagine if we were still on the Netscape browser or Neoplanet (mind you I did like Neoplanet back then)?

The only improvement without such balance would be aesthetic to "fight" against its competition.

What troubles me is MS decision on no immediate patch. Not sure what exactly they are thinking. But nevertheless no one is perfect.
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Wow Netscape,havent heard that in a long,long time:D Is this exploit new ? It wasnt addressed in yesterdays updates?

I guess its like anything,once you are good at something you grow bored with it and need to find something more challenging to get that rush.Im sure hackers are the same way.
 

3link9

Level 5
Verified
Oct 22, 2011
860
White Nobster said:
Wow Netscape,havent heard that in a long,long time:D Is this exploit new ? It wasnt addressed in yesterdays updates?

I guess its like anything,once you are good at something you grow bored with it and need to find something more challenging to get that rush.Im sure hackers are the same way.

According to the article the company let microsoft know back in october but Microsoft said they know about it but have no immediate plans to patch it.
Shame, really.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Internet Explorer flaw allows attackers to track your mouse movements

Sophos said:
Researchers have found a security hole in Internet Explorer, potentially giving hackers a way of tracking your mouse cursor movements, even if your window is inactive, minimised or unfocused.

The vulnerability is particularly worrisome given that it thwarts the use of virtual keyboards and virtal keypads, which are used as a defence against keyloggers.

The vulnerability was discovered by spider.io, vendor of a hosted platform that the company says allows users to distinguish between human website visitors and bots in real time.

Here's a brief video where the issue is demonstrated:
[video=youtube]http://www.youtube.com/watch?&v=qxUa2VWnE8A[/video]​

Read more: http://nakedsecurity.sophos.com/2012/12/14/internet-explorer-flaw-mouse-tracking/
 
I

illumination

I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.
 

Tom172

Level 1
Feb 11, 2011
1,009
Still it's better for people to know the issue exists even is there's no fix.
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
thewolfsmith72 said:
I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.

It is nice to be aware of threats but when there seems to be no defense there is really no point.It's just giving someone with malicious intentions more ideas.Makes you wonder sometimes if it is all just part of the browser wars.
 

Tom172

Level 1
Feb 11, 2011
1,009
White Nobster said:
thewolfsmith72 said:
I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.

It is nice to be aware of threats but when there seems to be no defense there is really no point.It's just giving someone with malicious intentions more ideas.Makes you wonder sometimes if it is all just part of the browser wars.

I think it's safe to say people who are involved in cyber crime and writing malicious code are aware of these vulnerabilities long before they're brought to people's attention by the media.
 
I

illumination

Tom172 said:
I think it's safe to say people who are involved in cyber crime and writing malicious code are aware of these vulnerabilities long before they're brought to people's attention by the media.

That may be the case, but at what percentage already know, and what does that percentage look like after it has been aired with still no fixes?
One would think there would be a better solution then this with today's technology.
 

Tom172

Level 1
Feb 11, 2011
1,009
You've got a point there also. There might be some people with some know-how who might want to get up to nefarious activities after reading such news. The upside is that we can alert people who use IE and possibly prevent them from a lot of grief.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top