KASPERSKY LABS said that the StartPage trojan, which exploits a hole in Internet Explorer, sets a particularly dangerous precedent because Microsoft hasn"t issued a patch for it yet. The firm said that the trojan infects computers using the "Exploit.SelfExecHtml" hole in what it describes as IE"s "security" system.
And, Kaspersky claimed that because Microsoft hasn"t yet released the patch for the hole, it is "essentially leaving users defenseless in the face of this and other, potentially more dangerous threats choosing to exploit the very same vulnerability". The firm said that the Trojan has already been sent to several hundred thousand addresses on May 20th. The text is written in Russian.
It said the StartPage program is a Zip-archive that contains an HTML file. When users open the file, an embedded Java script runs and uses the Exploit.SelfExecHtml hole as well as secretly executing an embedded .EXE file. But Eugene Kaspersky, head of anti virus research, said that while the program is not dangerous, its introduction sets a precedent.