New Attack Exploits Unpatched Vulnerability, According to PandaLabs
The vulnerability lies in the Microsoft Video ActiveX control component and mainly affects users of Internet Explorer 7 on Windows XP. Microsoft hasn’t yet released an official patch for this vulnerability, so users could be infected even though they have all previous security patches installed.
Microsoft has published a workaround for this flaw on its website: http://www.microsoft.com/technet/security/advisory/972890.mspx. PandaLabs advises users to keep an eye out for security fixes released by Microsoft to patch their systems against this vulnerability as soon as possible.
Through this exploit, several malware samples can be distributed. PandaLabs has found one sample which has been distributed via the Lineage.LAC. A Trojan Horse, which steals information and uses rootkit techniques.
“The real danger of this vulnerability lies in the fact that any user could be infected, despite having their operating system completely up-to-date,” explains
Panda Security’s laboratory is monitoring this vulnerability very closely. For more information about this infection, go to the PandaLabs blog: www.pandalabs.com
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.
Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.
More information is available in the PandaLabs blog: http://www.pandalabs.com
SOURCE Panda Security