Hackers Jump On Newest IE7 Bug

CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."

Re:Viruses are old tech.

[Locklin]

It's marked as a troll because it's a regurgitated line brought out whenever there is a discussion of a Microsoft vulnerability and adds nothing new to the conversation. It's used to discredit anyone pointing out a software alternative developed in a more security conscious way (a germane comment in a thread on security).

While its true that people will target software as a function of it's install base, there is such things as more secure software. For instance, Windows ME is less secure than XP. And an un-patched XP machine is less secure than a patched one. It's also quite likely that an XP machine is less secure than an average Linux machine, regardless of the install base.

Of course, there are several pointless jabs at Microsoft in this thread that should be marked troll under the same rules.