Have you applied Microsoft's February patches yet?

看板AntiVirus (防毒)作者WRITERT1NA (小妹(￣⊿￣"盛夏之年)時間17年前 (2009/02/23 12:27)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.IE7.exp02.09 20 Feb 09 -- Did you answer yes to the question posed above? If not, I sure hope the latest news convinces you to jump on those Microsoft patches as quickly as you can -- especially the Internet Explorer (IE) one. According to a Trend Micro blog post, attackers have already started exploiting one of the recently patched IE 7 vulnerabilities in the wild. In one of my posts leading up to Microsoft patch day, I reminded you that attackers often pay as close attention to Microsoft Patch Days as we do, hoping to reverse engineer Microsoft's patches to create new exploits. That seems to be exactly what happened in this case. The new attack in question arrives as a spam email containing a Word document attachment. If you open the Word document, it contains an ActiveX object that forces you to visit a malicious web site. The malicious web site then exploits one of the recent IE flaws to download and install malware onto your computer. According to Trend Micro, the malware seems to steal sensitive information from your computer, take screen shots of your desktop, and then sends that stolen information back to the attacker. It also appears to connect your computer to an HTTP-based botnet, which means the attacker can leverage your PC for future attacks. Shortly after Trend Micro uncovered this new attack, gray hats began posting public exploits for the same IE vulnerability to a popular exploit archive site. Most of these sample exploits are Proof-of-Concepts (PoC), meaning they only do things like spawning a calculator, or opening a reverse shell. However, it's trivial for malicious attackers to modify these PoCs, causing them to do much more evil things. So again, if you haven't applied Microsoft's February patches yet, this new attack should convince you to get to it as quickly as you can. Otherwise, your computer may become a drone in the latest botnet army. -- Corey Nachreiner, CISSP -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 202.175.47.74