Microsoft IE Advisory

Microsoft is warning users about a vulnerability in Internet Explorer that has been used in targeted e-mail attacks, in which people were sent links directing them to a Web site where exploit code could be activated to take over their computers. The exploit code has been taken down. It was written specifically for IE 6 and 7. IE8 in its default installation with Data Execution Prevention (DEP) enabled, and the IE9 beta, are not vulnerable. Microsoft has released a security advisory that includes workarounds, such as enabling DEP, reading e-mails in plain text, and setting the Internet and local intranet security zone settings to “high” to block ActiveX Controls and Active Scripting. A Fix-it tool that will ease the implementation of the workarounds is expected some time today. There is no timeline for a security update.

According to CNET’s article, once a machine is compromised, the malware sets itself to start automatically, along with a service named “NetWare Workstation”, and encrypted .gif files are used to provide instructions to the Trojan. Symantec researchers were able to grab a screenshot of the attacker’s manually entered commands. Symantec has named the threat “Backdoor.Pirpi.”