Last Tuesday Microsoft released a Security Bulletin (MS09-002) for critical vulnerabilities which affected its Internet Explorer browser. The vulnerability exists because of improper error handling when accessing deleted objects and allows remote code execution through a specially crafted website.
This week a few websites in China started to actively exploit this vulnerability and the malware (jc.exe & wininet.dll) is detected as Spyware/Virtumonde. The websites involved in this example have been blocked by Panda’s Identity Protect Technology, which will block Panda's users before reaching the exploit sites.
We recommend applying Microsoft's patch immediately.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
