Some days ago we have reported about vulnerability in the Microsoft Word. Malware which spreads via email is exploiting the vulnerability as a specially crafted MS-Word .DOC attachment.If the attachment is launched, this triggers a process which results in a backdoor being installed. Kaspersky lab released detection for the malware, a dropper and backdoor. As

Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits. So let’s think a bit beyond the next couple of days on how to defend your network. User education is of course key, but likely insufficient. Attacks like that will use

Internet Storm Center reported about a new Word vulnerability being used. Exploit, using the vulnerability, has been sent as email attachment to specific individuals. The exploit functioned as a dropper, extracting a trojan byte-for-byte from the host file when executed. After extracting and launching the trojan, the exploit then overwrote the original Word document with

Michal Zalewski has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error in the processing of certain sequences of nested “object” HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks. The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (“.swf”) in browser windows. This can be exploited to spoof the address bar in

BHO malware used IE vulnerability for install. Sans reported There are several sites that have been compromised and now contain the exploit code. These sites all run the exploit code and get a file called ca.exe which in turn gets a file called calc.exe and installs it. It is calc.exe that we want to focus

100 confirmed sites now using the IE vulnerability, as reported on security lists by Dan Hubbard (alert) at WebSense and Joe Stewart at Lurhq. These can be very nasty. SunBelt analysed one site – www(dot)textrum(dot)se (since shutdown): The exploit calls a file, updater.exe. It file is W32/Spybot (W32/Backdoor, Adware.NaviPromo.M) Norman sandbox report: Found Sandbox: W32/Backdoor;