
    Unpatched IE Hole Swarmed

    By Ryan Naraine - September 25, 2006

      The newest zero-day flaw in the Microsoft Windows implementation of Vector Markup Language, or VML, is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits.

      Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack against fully patched versions of Windows, virus hunters said the Web-based exploits are serving up botnet-building Trojans and installations of ad-serving spyware.

      “This is a massive malware run,” said Roger Thompson, chief technology officer at Atlanta-based Exploit Prevention Labs. In an interview with eWeek, Thompson confirmed the drive-by attacks are flooding infected machines with browser tool bars and spyware programs with stealth rootkit capabilities.

      The laundry list of malware programs seeded on Russian porn sites also includes a dangerous keystroke logger capable of stealing data from computers and a banker Trojan that specifically hijacks log-in information from financial Web sites.

      According to Sunbelt Software researcher Eric Sites, the list of malware programs includes VirtuMonde, an ad-serving program that triggers pop-ups from Microsoft's Internet Explorer; Claria.GAIN.CommonElements, an adware utility; AvenueMedia.InternetOptimizer; and several browser plug-ins and tool bars and variants of the virulent Spybot worm.

      eWeek has confirmed the flaw—and zero-day attacks—on a fully patched version of Windows XP Service Pack 2 running IE 6.0. There are at least three sites hosting the malicious executables, which are being served up on a rotational basis.

      In some cases, a visit to the site turns up an error message that reads simply: “Err: this user is already attacked.”

      The attack is closely linked to the WebAttacker do-it-yourself spyware installation tool kit. On one of the maliciously rigged Web sites, the attack code even goes as far as referencing the way Microsoft identifies its security patches, confirming fears that a well-organized crime ring is behind the attacks.

      The URL that's serving up the exploit includes the following: “MS06-XMLNS&SP2,” a clear reference to the fact that the flaw is a zero-day that will trigger a quick patch from Microsoft.

      A Microsoft spokesperson said the Redmond, Wash., company is aware of the public release of detailed exploit code that could be used to exploit this vulnerability. “Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. Microsoft is aware of limited attacks that attempt to exploit the vulnerability,” the spokesperson said in a statement sent to eWeek.

      The company plans to ship an IE patch as part of its October batch of updates due Oct. 10. An emergency, out-of-cycle patch could be released if the attacks escalate.

      Microsoft has added signature-based detection to its Windows OneCare anti-virus product. A formal security advisory with prepatch workarounds has been published.
