Wednesday, 15 June 2011

New attacks on IE7

Cybercriminals have begun attacking a critical hole that Microsoft
patched in its Internet Explorer 7 browser last week, corroborating
the company's warning that the vulnerability would be easy to exploit.

The exploit code is spread through a booby-trapped Word document that
ultimately installs information-stealing malware on unpatched
machines, according to researchers. The vulnerability is one of two IE
flaws Microsoft patched last week. The company warned at the time that
"consistent exploit code" for the remote execution flaws was likely.

The attack is fairly primitive at the moment, because it involves the
spamming of Word documents. Security experts expect that to change.

"There is absolutely nothing preventing attackers from using the
exploit in a drive-by attack (and we can, unfortunately, expect that
this will happen very soon)," Bojan Zdrnja, a handler at the SANS
Internet Storm Center, wrote. He went on to say the exploit code
was the result of reverse engineering Microsoft's patch.

The exploit code does have its innovations, however. It funnels
pilfered data to a website in China through an encrypted channel, for
instance. It also uses heavily obfuscated shellcode and garbage
collection, presumably to cover its tracks.
