Slashdot Mirror


Hackers Jump On Newest IE7 Bug

CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."

6 of 162 comments

  1. Re:Hopefully attacks like this won't be as prevole by Greyfox · · Score: 4, Informative
    Back in the day when dinosaurs and mainframes walked the earth and the system programmer's room was likely to have more than one half-drunk cup of coffee with a cigarette butt floating in it, it was not uncommon to get an E-mail around Christmas time with an attachment in it. The attachment purported to display an ASCII Christmas tree on your terminal, complete with flashing ornaments and such.

    When it was run, this attachment would helpfully and quietly forward itself to everyone in your address book. A couple of days later, after cleaning up the smoking wreckage of the E-mail system, system administration would send out an E-mail suggesting that it's not a good idea to run programs from unknown sources.

    This was on IBM VM/CMS, a notably not-Microsoft OS.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  2. Re:Exploit Wednesday by fuzzyfuzzyfungus · · Score: 2, Informative

    I'm not an expert by any means; but I'd suspect that that is a hard problem. The security patch must, to fulfill its purpose, change the system from its vulnerable state to a nonvulnerable one. Tools for observing changes of state are common, well developed, and have loads of legitimate uses. Especially with all the use of VMs now, you pretty much have to assume that the hypothetical reverse engineer can see absolutely everything that happens to the system, step by step, if he feels like it.

    Microsoft could, of course, add large numbers of irrelevant changes to every patch, as a sort of chaff, and use the various other obfuscation tricks; but I strongly suspect that that would do nothing good for the timeliness or quality of their patches.

  3. minor pedantry by AliasMarlowe · · Score: 2, Informative

    virii

    If that's an attempt at Latin, it failed. In Latin, virus is in the fourth declension and its plural is virus (yep, just like the singular), and NOT viri or virii.

    Of course, as an English word, the plural of virus is viruses.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire

    1. Re:minor pedantry by Petrushka · · Score: 2, Informative

      If that's an attempt at Latin, it failed. In Latin, virus is in the fourth declension and its plural is virus (yep, just like the singular), and NOT viri or virii.

      You, too, fail at Latin: it's second declension. Didn't your Latin teacher ever tell you to look at the genitive to determine which declension it is?

      Don't be misled by the fact that it's neuter: it's one of three 2nd-decl. -us nouns that are neuter (the others are pelagus and vulgus). Nouns of this type do not have plurals in Latin (see Allen & Greenough p. 22).

  4. Re:In other news-- FISH FOUND IN OCEAN by The MAZZTer · · Score: 2, Informative

    Viruses/Virii don't tend to destroy the computer anymore, since that pretty much gives them away AND also makes it difficult for them to propagate or earn money off of you (ad views, purchases) when your computer won't turn on.

  5. Re:Hopefully attacks like this won't be as prevole by JasterBobaMereel · · Score: 2, Informative

    ...and I won't run it, nor will any of my users....

      Update my system .. ok I just go in the package manager ... no updates .. oh well

    Social engineering works both ways. If you make sure you never, ever, send updates via email then the users notice it's unexpected and ask first ... Too many Windows systems are updated by users clicking on links in/attachments to emails ... and far too many websites give download and run links for Windows systems so that the users expect it to work like that

    Linux does not make hijacking and exploits impossible, or even that difficult... but it does make it inherently less likely that the simple ones will succeed (don't run as admin, make it painful to run downloaded files, update via package manager not by running a program/script)

    --
    Puteulanus fenestra mortis