New attack singles out IE7 flaw

Trend Micro says it has spotted the first online attack based on a critical IE bug, patched last Tuesday.

Microsoft warned last week that it would be easy for cybercriminals to build new attacks using bugs it patched in the Internet Explorer browser; now that prediction has come true.

On Tuesday, security vendor Trend Micro said that it had spotted the first attack taking advantage of one of two flaws patched a week ago. Microsoft has said that either of these vulnerabilities would be easy to exploit in online attacks.

Over the weekend, Trend Micro researchers spotted what appears to be a small-scale, targeted attack that exploits the flaw to install spy software, said Paul Ferguson, a researcher with the antivirus vendor. "It installs a back door that uploads stolen information on port 443 to another site in China," he said.

Microsoft was unable to immediately comment on Trend Micro's report on Tuesday.

Although Ferguson does not know who wrote the attack code, he said that it looks similar to software that was sent to pro-Tibetan groups about a year ago, apparently for the purpose of intelligence gathering.

Both last year's attack and this latest malware are triggered when the user opens a malicious Word document. That document contains an ActiveX object that connects IE to a malicious Web site, which launches the attack and then installs the spy software.

The criminals don't need to use Word to exploit this flaw -- the attack would work if the victim were simply tricked into visiting a malicious Web site -- but this technique is consistent with past Tibet-focused attacks, Ferguson said.

Whether this will lead to more widespread Internet Explorer attacks is unclear, Ferguson said.

Verisign's iDefense group thinks that more attacks are likely. "Although this attack is limited in scope and will likely only be targeted to very few organizations, the availability of reliable exploit code will soon be discovered by others and these attacks will likely be widespread within a week's time," the company said in an alert sent out to customers Tuesday.

"Right now, we don't see any real proof of an ongoing campaign here," Ferguson said. "But ... it's very simple to mitigate this threat completely. You don't have to worry about antivirus protection: Just patch your machines."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags internet explorer 7

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?