Hackers Jump On Newest IE7 Bug

CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."

Re:Hopefully attacks like this won't be as prevole

[Greyfox]

Back in the day when dinosaurs and mainframes walked the earth and the system programmer's room was likely to have more than one half-drunk cup of coffee with a cigarette butt floating in it, it was not uncommon to get an E-mail around Christmas time with an attachment in it. The attachment purported to display an ASCII Christmas tree on your terminal, complete with flashing ornaments and such.

When it was run, this attachment would helpfully and quietly forward itself to everyone in your address book. A couple of days later, after cleaning up the smoking wreckage of the E-mail system, system administration would send out an E-mail suggesting that it's not a good idea to run programs from unknown sources.

This was on IBM VM/CMS, a notably not-Microsoft OS.