New Attack Exploits Unpatched Vulnerability, According to PandaLabs

July 7, 2009

GLENDALE, Calif., July 7 /PRNewswire/PandaLabs, Panda Security‘s malware analysis and detection laboratory has detected over one hundred Web pages, mainly hosted in China, modified to infect users by exploiting an unpatched Microsoft vulnerability. Users of Panda Security are protected against this threat thanks to TruPrevent proactive Technologies.

The vulnerability lies in the Microsoft Video ActiveX control component and mainly affects users of Internet Explorer 7 on Windows XP. Microsoft hasn’t yet released an official patch for this vulnerability, so users could be infected even though they have all previous security patches installed.

Microsoft has published a workaround for this flaw on its website: http://www.microsoft.com/technet/security/advisory/972890.mspx. PandaLabs advises users to keep an eye out for security fixes released by Microsoft to patch their systems against this vulnerability as soon as possible.

Through this exploit, several malware samples can be distributed. PandaLabs has found one sample which has been distributed via the Lineage.LAC. A Trojan Horse, which steals information and uses rootkit techniques.

“The real danger of this vulnerability lies in the fact that any user could be infected, despite having their operating system completely up-to-date,” explains Luis Corrons, Technical Director of PandaLabs. “They just have to visit an infected Web page, even a legitimate one, to fall victim to the infection. Thanks to our proactive technologies, users can surf the Web safely, without fear of becoming infected.”

Panda Security’s laboratory is monitoring this vulnerability very closely. For more information about this infection, go to the PandaLabs blog: www.pandalabs.com

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com

SOURCE Panda Security

Source: newswire

comments powered by Disqus