Site icon Panda Security Mediacenter

New attack exploits an unpatched Microsoft vulnerability

– Panda Security users are protected against this threat thanks to TruPrevent proactive technologies
 

PandaLabs, Panda Security’s laboratory for detecting and analyzing malware, has detected some one hundred Web pages, mainly hosted in China, modified to infect users by exploiting an unpatched Microsoft vulnerability.

The vulnerability lies in the Microsoft Video ActiveX control component and mainly affects users of Internet Explorer 7 on Windows XP. Microsoft hasn’t yet released an official patch for this vulnerability, so users could be infected even though they have all previous security patches installed.

Microsoft has published a workaround for this flaw on its website: http://www.microsoft.com/technet/security/advisory/972890.mspx.

In any event, PandaLabs advises users to keep an eye out for security fixes released by Microsoft to patch their systems against this vulnerability as soon as possible. Through this exploit, several malware samples can be distributed.

PandaLabs has found one sample which has been distributed this way: Lineage.LAC. A Trojan Horse which steals information and uses rootkit techniques.

Users of Panda Security are protected against this threat thanks to TruPrevent proactive technologies.

“The real danger of this vulnerability lies in the fact that any user could be infected, despite having their operating system completely up-to-date. They just have to visit an infected Web page, even legitimate ones, to fall victim to the infection”, explains Luis Corrons, Technical Director of PandaLabs. “Thanks to our proactive technologies, users can surf the Web safely, without fear of becoming infected”.

Panda Security’s laboratory is monitoring this vulnerability very closely. For more information about this infection, go to the PandaLabs blog. www.pandalabs.com

Exit mobile version