ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled
MSI VIGOR GK71 SONIC Blue keyboard review
AMD Ryzen 9 7950X3D processor review
FSP Hydro G Pro 1000W (ATX 3.0, 1000W PSU) review
Addlink S90 Lite 2TB NVMe SSD review
New Exploit Targets IE7 Bug
We can;t say this enough, keep pathing up. It's a vicious cyberworld out there.
Cybercriminals are actively exploiting a critical vulnerability in Internet Explorer 7, which arises from the browser's improper handling of errors when attempting to access deleted objects. This vulnerability allows remote attackers to execute arbitrary codes on a vulnerable machine. The threat starts with a spammed malicious .DOC file detected as XML_DLOADR.A. This file has a very limited distribution script, suggesting it may be a targeted attack. It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS. HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS. This backdoor further installs a .DLL file that has information stealing capabilities. It sends its stolen information to another URL via port 443.
If you are current on your patches, you are fine. If not...well, you know the drill.
Analysis by Trend Micro researchers reveal that BKDR_AGENT.XZMS takes screenshots of the infected system and sends these screenshots to a remote malicious location. It also creates a hidden Internet Explorer window which connects to a website to listen for commands.
« Best Selling PC Games · New Exploit Targets IE7 Bug
· Intel goes after the money, sues NVIDIA »