According to security firm Trend Micro, cyber-criminals are targeting a patched flaw in IE 7 to steal data. A fix for the flaw was included in the recent round of Patch Tuesday security bulletins.
Hackers have begun actively targeting a vulnerability in Internet Explorer 7
that was patched earlier this month by Microsoft.
The bug cyber-criminals are looking
is a remote code execution vulnerability that lies in the way Internet
Explorer 7 handles errors
when attempting to access deleted objects.
According to Trend Micro, attackers are spamming a malicious .DOC
file detected as X M L_DLOADR.A in a bid to infect unprotected
"This file has a very limited distribution script, suggesting it may be a targeted
attack," wrote Trend Micro's Jake Soriano, on the company's Malware Blog. "It
contains an ActiveX object that automatically accesses a site rigged with a
malicious HTML detected by the Trend Micro Smart Protection Network as
On an unpatched system, successful exploitation by HTML_DLOADER.AS downloads
a backdoor detected as BKDR_AGENT.XZMS. The backdoor in turn installs a .DLL
file that steals data and sends it to another URL via Port 443, Soriano wrote.
During this month's Patch Tuesday, Microsoft also
a vulnerability in the way Internet Explorer handles CSS
(Cascading Style Sheets). When IE displays a Web page that contains certain CSS
styles, memory may be corrupted in such a way that an attacker could execute
arbitrary code with the same rights as the logged-on user.
There was no word from Trend Micro as to whether this second issue was also
Even with the rising popularity of rivals such as Firefox and Google Chrome,
IE remains the most widely used-and targeted-Web browser. In December, Microsoft
to issue an out-of-band patch to ward off attempts by hackers
to compromise users
"Although the install base of the IE family is slowly eaten up by stiff
competition such as Firefox and Chrome, IE7 is used by about one in every four
Web users, a much larger share than previous versions of IE," Soriano wrote.
"This could explain why cyber-criminals seem to be eagerly searching for more
bugs. ... Users meanwhile are advised to patch now."