Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking

    Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole

    By
    Ryan Naraine
    -
    September 19, 2006
    Share
    Facebook
    Twitter
    Linkedin

      The newest zero-day flaw in the Microsoft Windows implementation of the Vector Markup Language is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits.

      Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack against fully patched versions of Windows, virus hunters say the Web-based exploits are serving up botnet-building Trojans and installations of ad-serving spyware.

      “This is a massive malware run,” says Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs. In an interview with eWEEK, Thompson confirmed the drive-by attacks are hosing infected machines with browser tool bars and spyware programs with stealth rootkit capabilities.

      The laundry list of malware programs seeded on Russian porn sites also includes a dangerous keystroke logger capable of stealing data from computers and a banker Trojan that specifically hijacks log-in information from financial Web sites.

      According to Sunbelt Software researcher Eric Sites, the list of malware programs includes VirtuMonde, an ad-serving program that triggers pop-ups from Internet Explorer; Claria.GAIN.CommonElements, an adware utility; AvenueMedia.InternetOptimizer; and several browser plug-ins and tool bars and variants of the virulent Spybot worm.

      eWEEK has confirmed the flaw—and zero-day attacks—on a fully patched version of Windows XP SP2 running IE 6.0. There are at least three sites hosting the malicious executables, which are being served up on a rotational basis.

      In some cases, a visit to the site turns up an error message that reads simply: “Err: this user is already attacked.”

      The attack is closely linked to the WebAttacker do-it-yourself spyware installation tool kit. On one of the maliciously rigged Web sites, the attack code even goes as far as referencing the way Microsoft identifies its security patches, confirming fears that a well-organized crime ring is behind the attacks.

      The URL thats serving up the exploit includes the following: “MS06-XMLNS&SP2,” a clear reference to the fact that the flaw is a zero-day that will trigger a quick patch from Microsoft.

      A Microsoft spokesman said the company is aware of the public release of detailed exploit code that could be used to exploit this vulnerability. “Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the users system. Microsoft is aware of limited attacks that attempt to exploit the vulnerability,” the spokesman said in a statement sent to eWEEK.

      The company plans to ship an IE patch as part of its October batch of updates due Oct. 10. An emergency, out-of-cycle patch could be released if the attacks escalate.

      Microsoft has added signature-based detection to its Windows OneCare anti-virus product. A formal security advisory with pre-patch workarounds will be posted within the next 24 hours.

      Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×