Jake Soriano writes on the TrendLabs blog about a pest targeting a critical vulnerability in Internet Explorer 7, which Microsoft patched with the MS09-002 update last Tuesday.
The threat starts with a spammed malicious .DOC file, which Trend Micro detects as XML_DLOADR.A. "This file has a very limited distribution script, suggesting it may be a targeted attack. It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS."
On a system without the MS09-002 patch installed, HTML_DLOADER.AS downloads a backdoor that Trend Micro detects as BKDR_AGENT.XZMS. This backdoor in turn installs a .DLL file with information-stealing capabilities, which sends the stolen information to another URL through port 443.