Viruses/Worms News

Microsoft ActiveX flaw could be Conficker 2.0

Thursday, July 9, 2009

An unpatched vulnerability in Microsoft Video ActiveX Control could lead to infections of millions of PCs, on par with the Conficker worm, a web security researcher said.

Roger Thompson, chief research officer at AVG Technologies, said the cybercriminals behind the Conficker worm, which could have infected as many as 12 million PCs worldwide with malware, could see the Microsoft flaw as "the next thing," according to IDG News Service.

The vulnerability lies mainly affects users of Internet Explorer 7 on Windows XP. Microsoft said an attacker who successfully exploits this security vulnerability could take control of a user's PC using a maliciously crafted website.

Web security firm PandaLabs said this week that it has detected over one hundred web pages, mainly hosted in China, modified to infect users by exploiting the vulnerability. Some of the sites have been infecting visitors with a Trojan horse - Lineage.LAC. A - which steals user information and uses rootkit techniques.

"The real danger of this vulnerability lies in the fact that any user could be infected, despite having their operating system completely up-to-date," said Luis Corrons, technical director of PandaLabs. "They just have to visit an infected Web page, even a legitimate one, to fall victim to the infection."

Although Windows Vista and Windows Server 2008 are unaffected by this vulnerability, Microsoft is recommending that customers remove support for ActiveX Control within Internet Explorer.
ADNFCR-1765-ID-19257883-ADNFCR

Related News:

Researchers: Malware attackers reloading for Windows 7 assaults - 11.20.2009
A report issued yesterday by computer security firm Symantec says that hackers are undoubtedly reworking their malicious software to target Windows 7 as more users switch to the latest version of Microsoft's flagship OS.

Want to secure your iPhone against intruders? There's an app for that - 11.20.2009
Cisco Systems today released a free iPhone app that will allow users to receive security updates and the latest news on web threats, as well as aggregating additional security related content for iPhone users.

Microsoft says 64-bit versions of Windows are harder to infect - 11.19.2009
Members of Microsoft's security team write that 64-bit editions of Windows are much less susceptible to malware attacks, but outside experts caution that 64-bit malware could be the next big thing in cyber crime.

Google coming down hard on malicious advertisers - 11.18.2009
Search giant Google has said that it will lay down the law where scam artists and malvertisers are concerned: Permanent bans will be the result of any fraudulent activity on the company's AdWords service.

If at first you don't succeed: Most malware protection fails first round of certification testing - 11.17.2009
A study performed by security testing and research firm ICSA Labs says that almost four out of five computer security products fail their first certification tests and need to be retooled for a second and sometimes a third attempt.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now