Almost 1,000 users affected by Netscape security hole

WASHINGTON - Security experts were warning Internet users Monday about a security hole in Netscape's Web browser that has already infected almost 1,000 computers.

Once a computer is infected, a hacker can click through the victim's computer and see, run and delete files on the target computer. The method, dubbed ''Brown Orifice'' in a reference to the popular hacker tool BackOrifice, has been making the rounds of computer security mailing lists and bulletin boards over the weekend.

Netscape has not yet made a remedy available, but are working on the problem.

''Netscape takes all security issues very seriously,'' said Netscape spokesman Andrew Weinstein, ''We're working to quickly evaluate and address this concern.''

The person who posted the code, who identified himself as Dan Brumleve, also posted a sample bit of computer code on his Web site that can be modified for more malicious purposes and a list of some of the users who have been infected.

This list is being used by other hackers, said computer security expert Chris Rouland of Internet Security Systems, making those infected computers open to anyone who wants to click through their wide-open hard drives.

''As of (Monday) morning,'' Rouland said,''965 people have it loaded.''

It's common practice to make dangerous code public, so that security professionals can better prepare themselves to defend against the code. ISS said that information about the security hole had also appeared on several popular Web sites such as Slashdot, an online community of users of the Linux operating system.

''It can be assumed that knowledge of the exploit, its source code, and variations are widespread,'' ISS said in a press release.

However, there is still no remedy available from Netscape. Atlanta-based ISS, which analyzed the security hole, advises Netscape users to disable the Java programming language in their browser. Netscape, owned by America Online, suggested the same temporary workaround.

Both ISS and Netscape officials noted that business users, because they're protected by the company's network firewall, are not vulnerable.

Rouland said Brown Orifice is especially dangerous because it's easy to modify, and can be changed into a self-copying virus form - as opposed to the current infection method, where a victim visits a Web site that includes the malicious code.

''The bar's been lowered for any script-kiddie to modify this code and make it even more malicious,'' Rouland said.

Netscape Communicator versions 4.74 and earlier are affected, Rouland said. Microsoft Internet Explorer users and users of the Mozilla pre-release version of the new Netscape browser 6.0 are not vulnerable to this problem.

Rouland noted that Microsoft users who have switched to Netscape - a company whose history includes the earliest Web browsers - after the recent stream of Microsoft-related security holes in Internet Explorer and the Outlook and Outlook Express e-mail programs are finding that no computer programs are without problems.

Also on Monday, another security expert pointed out a security hole in Microsoft's Word and Excel products that can let a hacker take over the victim's computer. Microsoft officials said they are working on the issue.

''The vendor-changing strategy obviously doesn't work,'' he said. ''Security coding practices are being ignored by even one of the Internet's oldest companies.''


Use the comment form below to begin a discussion about this content.

Sign in to comment