Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Web Attackers Train Guns on Patched Windows MDAC Flaw

    By
    Ryan Naraine
    -
    June 8, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters.

      Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software makers MS06-014 bulletin.

      “Ive seen three different scripts in one week. Thats an indication that at least three different [hacker] groups have independently worked out their own exploit,” said Roger Thompson, chief technical officer at Exploit Prevention Labs.

      “As far as I know, there has been no published proof-of-concept for this exploit. Usually, they will simply copy and paste a published exploit with their own payload. But, it looks like they are now reverse-engineering the patches themselves,” Thompson said in an interview with eWEEK.

      The flaw is a remote code execution bug that exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

      /zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      In the latest attacks, Thompson said, Internet users can become at risk by simply browsing to a maliciously rigged Web site or opening a specially crafted e-mail message.

      In some cases, banner advertisements on Web sites can be used to deliver the payload to vulnerable, unpatched machines.

      Thompson said the attacks include the use of a downloader that puts the infected machine under the control of attackers. “Once the downloader is installed, that computer is now owned by the Web mob. They typically just hose the machine with spyware and fake anti-spyware programs. Its all about using that machine to make money,” he said.

      Thompsons intelligence network found the exploit seemed related to the WebAttacker do-it-yourself spyware-making toolkit that is being sold on underground Russian Web sites for about $300 a pop. The WebAttacker kit includes scripts that simplify the task of infecting computers and spam-sending techniques used to lure victims to specially rigged Web sites.

      Thompson said the MDAC exploits present a serious threat to corporate Windows users who have not yet deployed the patch. “Some businesses take a long time to completely install all patches. In some cases, they are six months behind.”

      Of the three exploit scripts nabbed in the wild, Thompson found they were all “complete rewrites” and not simply minor variants, he said. “This is really unusual, and is probably happening because the exploit is not relying on an application crash and buffer overflow, but simply using a feature in MDAC,” he said, likening the latest attacks to the WMF (Windows Metafile) zero-day situation in December 2005

      “What this means is that its very easy to exploit this vulnerability and, if we can get three in a week, we can expect more. WMF was equally easy, and we had lots of variants of that within a few days,” Thompson warned.

      He said Windows users using Automatic Updates to apply patches should be safe, but because its a Web-based exploit, enterprise IT departments should avoid depending entirely on firewalls for protection.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×