Yesterday, Microsoft issued a security advisory for an unpatched and actively exploited invalid reference pointer vulnerability in the Internet Explorer 6 and 7 web browsers. In the attack we observed, the exploit code will load the TDSS.CQ trojan, which is designed to steal personal and sensitive data. Panda customers are already protected against the threat, but you can take additional steps to avoid it by using an alternative browser such as, Firefox, Opera, or by upgrading to Internet Explorer 8.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
9 comments
It was good
Does this exploit function correctly on IE6-sp1 under windows 98?
Does this vulnerability function properly on win-98 systems running IE6-sp1?
It’s really incredible how easy it’s to get infected when some viruses exploit a vulnerability in a web browser. Specially for scenarios where the active account has administration rights on the machine.
A little question: this virus do some kind of privilege escalation, in order to get admin privileges, or it just run with the same level of the current user?
In this case it runs with the same privileges of the current user.
98 Guy: I haven’t tested it on a 98 system, but I’m sure it would work.
Well guys i sorry tell you about this, but this exploit runs in IE6/7 with the SP1/2. i tested on a xp machine and a win98. And not depend of the windows you are using. Win, linux, and all of other of operative system with IE6/7 will be infected. And i can advise you to use IE8 or firefox.
Thank you all