New exploit targets IE 7 hole patched last week

Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched a week ago by Microsoft, security firm Trend Micro warned on Tuesday.

The malicious code, which Trend Micro named “XML_DLOADR.A,” is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said.

As a result of the back door, “anybody can run commands on the affected system,” said Jamz Yaneza, a senior threat analyst and researcher at Trend Micro.

Microsoft released a security patch for the vulnerability, and others, a week ago. The vulnerability arises from the browser’s improper handling of errors when attempting to access deleted objects.

“It looks like a proof of concept or targeted attack,” Yaneza said. The exploit is similar to politically motivated attacks that were seen before the Olympics last year in which PDF files and Word documents contained exploit code and automatically connected computers to malicious Web sites, he said.

It appears that the site directed to is in China and there is Chinese terminology in the code, according to Yaneza. That and the fact that the 50th anniversary of the Tibetan uprising is approaching, on March 10, suggests that this attack could be politically motivated as well, he said.

“People need to speed up how they patch their OSes, or turn on auto update in Windows,” Yaneza said.

This graphic shows how the new IE7 exploit code works to install a backdoor on an unpatched computer.

(Credit: Trend Micro)

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

Originl Article

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: