Viruses/Worms News

Cybercriminals attack IE vulnerabilities

Wednesday, February 18, 2009

An IE exploit has been found in the wild that takes advantage of one of the two fixed vulnerabilities fixed by Microsoft last week in its monthly release of security patches.

The exploit exists thanks to a cybercriminal reverse engineering the security patch and creating malware that is sent via email, SCMagazineus.com reports.

A Word document containing code regarding the way IE7 handles types of content is sent in an email, according to the article. The code has an ActiveX object that accesses a website containing a downloader, which takes advantage of the vulnerability.

Users who open the attachment will install a backdoor trojan onto their machines, which is capable of communicating from a SSL encryption with a third-party server as it collects sensitive date from the user.

According to some security officials, the malware appears to have originated in China and has claimed an Asian journalist as a victim.
The timing of the attack, a week after security patches were released, may be an emerging trend among cybercriminals to bank on the fact users and organizations do not apply critical security patches in a timely manner.

Initially, this is how the Conficker, also known as Downadup, worm began.ADNFCR-1765-ID-19032269-ADNFCR

Related News:

Researchers: Malware attackers reloading for Windows 7 assaults - 11.20.2009
A report issued yesterday by computer security firm Symantec says that hackers are undoubtedly reworking their malicious software to target Windows 7 as more users switch to the latest version of Microsoft's flagship OS.

Want to secure your iPhone against intruders? There's an app for that - 11.20.2009
Cisco Systems today released a free iPhone app that will allow users to receive security updates and the latest news on web threats, as well as aggregating additional security related content for iPhone users.

Microsoft says 64-bit versions of Windows are harder to infect - 11.19.2009
Members of Microsoft's security team write that 64-bit editions of Windows are much less susceptible to malware attacks, but outside experts caution that 64-bit malware could be the next big thing in cyber crime.

Google coming down hard on malicious advertisers - 11.18.2009
Search giant Google has said that it will lay down the law where scam artists and malvertisers are concerned: Permanent bans will be the result of any fraudulent activity on the company's AdWords service.

If at first you don't succeed: Most malware protection fails first round of certification testing - 11.17.2009
A study performed by security testing and research firm ICSA Labs says that almost four out of five computer security products fail their first certification tests and need to be retooled for a second and sometimes a third attempt.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now