Malware Authors Exploiting Latest IE7 Vulnerability

Category: Bugs / Virus
Posted: February 17, 2009 04:43PM
Author: Nemo

Microsoft issued a patch for a couple of Internet Explorer bugs last Tuesday during its monthly cycle known as Patch Tuesday. Security researchers have begun seeing exploits appear that take advantage of those vulnerabilities on machines that have not yet been patched. Although the attacks are currently small in numbers, we've seen this type of approach before, just witness the success of the Conficker/Downadup worm that has infected millions of machines by taking advantage of a bug for which Microsoft had issued a patch months before. The latest threat comes in spam messages disguised as a Word document. If a user launches the bogus document the malware infects machines that have not been patched with Microsoft's MS09-002 security update. Researchers are not sure the direction this attack will take, but speculate it will evolve into a campaign based on news about Tibet as this is the 50th anniversary of China's takeover of Tibet and the command and control servers for this exploit seem to be China-based.

• Email Link
• Print News

This news has comment postings disabled because it is now archived.