Microsoft’s IE6 web browser remains widely used in the enterprise, despite its many performance and security problems.
One in five enterprise workers continue to use the nine-year-old web browser, even after the high-profile Operation Aurora attacks against organisations running the browser.
Last month, in response to a petition, the UK government said PCs in Whitehall will continue to run IE6 because rolling out IE8 would be difficult and could break web applications. US banking giant Chase, meanwhile, recently suggested even IE6 was better than either Chrome or Opera for online banking security.
A security report by net infrastructure firm Zscaler, published on Thursday, shows that a significant minority of private sector organisations are taking the same line as HMG, exposing themselves to a greater risk from security exploits as a result.
Zscaler’s study also found that misconfigured web applications that allow SQL injections and unpatched WordPress sites are a popular target for hacking attacks, which often rely on planting malicious code on vulnerable sites so that visiting surfers become exposed to malware-based assaults. China was the second most frequent source of malicious sites, behind only the US, in the second quarter of 2010, up from fifth berth in Q1 2010.
Hackers frequently relocate malicious code to avoid detection, Zscaler adds.