ROBERT SIEGEL, host:
Microsoft Windows users, beware. There's a security flaw in the software that leaves computers vulnerable to viruses, spyware, adware and the theft of personal information. Experts say the situation is particularly worrisome because the security flaw is easy to exploit. NPR's Laura Sydell explains.
LAURA SYDELL reporting:
Users may not even realize how they got the virus, spyware or various other computer maladies. But cyberspace criminals have discovered a security hole in Windows that lets them slip right into your hard drive, thanks to a certain media file. Joe Telafici is with the Internet security firm McAfee.
Mr. JOE TELAFICI (McAfee): It's so scary because you don't have to do anything to get infected. All's you have to do is go to a Web page that contains one of these image files or see it in an e-mail or even just open a folder that contains one of these image files.
SYDELL: Telafici says at McAfee, they started seeing the problem last Tuesday. Now the firm has heard from 6 percent of its users; that's some 250,000 people who have gotten infected because of the security hole. And that's just a fraction of the millions who use Microsoft Windows, all of whom are vulnerable.
Users might notice a problem if they start getting large numbers of pop-up ads. But online criminals often install spyware. That just runs in the background and allows outsiders to use the computer to help run pornography sites or send spam, says Alan Paller, director of research at the SANS Institute, which analyzes computer security risks.
Mr. ALAN PALLER (Director of Research, SANS Institute): So they're forcing your computer to visit sites that you don't know about. They're doing anything that they want to do to your computer to make themselves money.
SYDELL: The security hole in Microsoft Windows has been there for a long time, says Paller. It's just that no one noticed it until recently.
Mr. PALLER: This is a programming error that the programmers at Microsoft left in the software that they delivered to all of our computers, and some researcher or criminal or both found it.
SYDELL: Once found the word gets out and greater numbers of hackers take advantage of the security flaw to wreak havoc on computers. Paller says individuals are more vulnerable because they're less likely to have the kind of firewalls and protections that are found at larger businesses. He thinks things will get worse before they get better.
Mr. PALLER: There's a piling-on effect among criminals. If they find something that works, they all use it because they don't want to be left out. They don't want to have their competitors having gotten all the benefit of it.
SYDELL: Microsoft says it's working on a patch for the problem but hasn't released one yet. In the meantime, there are ways to protect your hard drive. Kevin Kean is director of the Microsoft Security Response Center. He says update your virus software regularly.
Mr. KEVIN KEAN (Director, Microsoft Security Response Center): We've been in touch with many of the large anti-virus vendors, and they indicate they have protections in place for the known exploits of this situation.
SYDELL: Kean and other security experts say users should also avoid unfamiliar Web sites and try not to click on any pictures. And, of course, don't open e-mail unless a friend told you they were sending you one. Laura Sydell, NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.