Microsoft IE Advisory

Microsoft is warning users about a vulnerability in Internet Explorer that has been used in targeted e-mail attacks. Recipients were sent links directing them to a Web site where exploit code could be activated to take over their computers. The exploit code has since been taken down. It was written specifically for IE 6 and 7. IE8 in the default installation with Data Execution Prevention (DEP) enabled and the IE9 beta are not vulnerable. Microsoft has released a security advisory that includes workarounds, such as enabling DEP, reading e-mails in plain text, and setting the Internet and local intranet security zone settings to “high” to block ActiveX Controls and Active Scripting. A Fix-it tool that will ease the implementation of the workarounds is expected sometime today. There is no timeline for a security update.

According to CNET’s article, once a machine is compromised, the malware sets itself to start automatically, along with a service named “NetWare Workstation,” and uses encrypted .gif files to deliver instructions to the Trojan. Symantec researchers were able to grab a screenshot of the attacker’s manually entered commands. Symantec has named the threat “Backdoor.Pirpi.”



Kaspersky Monthly Malware Stats, October Quiet

Kaspersky Lab has published its malware stats for October 2010.  Overall, October was relatively quiet, although there were a few incidents worthy of note.

  • Virus.Win32.Murofet, which is related to Zeus and infected a large number of PE files, was detected at the beginning of the month.
  • Fake archiving programs are becoming increasingly common.
  • Microsoft set a record for vulnerability patches released.

Visit Kaspersky Lab’s site to see the Top 20 malicious programs detected on users’ PCs and the Top 20 malicious programs on the Internet.