Microsoft IE Advisory

Microsoft is warning users about a vulnerability in Internet Explorer that has been used in targeted e-mail attacks. Recipients were sent links directing them to a Web site where exploit code could be activated to take over their computers. The exploit code has been taken down. It was written specifically for IE 6 and 7. IE8 in its default installation, with Data Execution Prevention enabled, and the IE9 beta are not vulnerable. Microsoft has released a security advisory that includes workarounds, such as enabling DEP, reading e-mails in plain text, and setting the Internet and local intranet security zones to “high” to block ActiveX Controls and Active Scripting. A Fix-it tool that will ease the implementation of the workarounds is expected some time today. There is no timeline for a security update.

According to C-Net’s article, once a machine is compromised, the malware sets itself to start automatically, along with a service named “NetWare Workstation”, and encrypted .gif files are used to provide instructions to the Trojan. Symantec researchers were able to grab a screenshot of the attacker’s manually entered commands. Symantec has named the threat “Backdoor.Pirpi.”

C-NET

Kaspersky Monthly Malware Stats, October Quiet

Kaspersky Lab has published its malware stats for October 2010.  Overall, October was relatively quiet, although there were a few incidents worthy of note.

  • Virus.Win32.Murofet, which is related to Zeus and infected a large number of PE files, was detected at the beginning of the month.
  • Fake archiving programs are becoming increasingly common.
  • Microsoft set a record for vulnerability patches released.

Visit their site to see the Top 20 malicious programs detected on users’ PCs and the Top 20 malicious programs on the Internet.