Holly Stewart writes on Microsoft's Technet blog that following Tavis Ormandy's public disclosure of the vulnerability on June 9th and Microsoft's own advisory on June 10th, they initially "only saw legitimate researchers testing innocuous proof-of-concepts." Real exploits were quickly spotted in the wild, though, and the number of attacks grew sharply towards the end of the month. "As of today [June 30th], over 10,000 distinct computers have reported seeing this attack at least one time."
In terms of raw attack volume, Portugal, Brazil, the United States, Russia and Germany have been hit particularly hard. Measured as a rate of infections per monitored system, however, Portugal and Russia stand out, at respectively ten times and eight times the world-wide average.
The exploit is used by attackers to distribute Trojans and other malware. Techniques vary: some campaigns plant the Obitel Trojan (which downloads more malware onto the affected machine), while others are described as "involving single or double script redirects, which [Microsoft] products detect as TrojanDownloader:JS/Adodb.F and TrojanDownloader:JS/Adodb.G, and also varying in payload."
Customers of Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform are protected from these threats by updates released on June 10th. Others are advised to follow the workaround described in Microsoft's advisory.
These protections and the workaround help, but Microsoft has not yet released a patch for the underlying vulnerability to all users. One can hope that July's Patch Tuesday, due next week, will plug this dangerous hole, as Microsoft has had a full month to work on the issue. The Security Bulletin Advance Notification for July has not been published yet.