About us
Contact us
RSS
Newsletters
Blogs
Video
Follow us on Twitter
EVENTS
TOPIC AREAS
RESOURCE CENTRE
News
19 December 2008
Hackers bypassing IE patch with Word bugs
Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers.
"Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that's hosting the malware," said David Marcus, the director of security research and communications for McAfee's Avert Labs. "This is a pretty insidious way to attack people, because it's invisible to the eye, the communication with the site."
Embedding malicious ActiveX controls in Word documents isn't new - Marcus said he had seen it "a time or two" - but using an ActiveX control to ping a hacker's server for attack code is "definitely an innovation," he added. "They're stepping it up."
The rogue docments can be delivered as attachments to spam or offered up by hacked sites.
Attackers have been exploiting the IE bug since at least 9 December, when reports first surfaced about malicious code found in the wild and on several Chinese hacker servers. McAfee was one of the first security companies to report the emerging exploit.
Since then, Microsoft acknowledged the bug, then offered up a series of advisories urging users to take protective steps until a fix was available, and on Wednesday, Microsoft released the patch.
Although other researchers continue to claim that thousands of legitimate websites have been compromised, then used to serve "drive-by" attacks against unpatched browsers, Marcus wasn't certain about the numbers he's seen bandied about. "But absolutely, there's been a lot of activity around this," he said. "A lot of the bad guys have embedded IFRAMES in their sites to attack IE."
According to other reports, the IE exploit has been added to one or more multi-strike hacker toolkits that try several different exploits when users visit a compromised or malicious site. "If it's not in one of those yet, it probably will be," said Marcus. "Some of the exploits in those kits are years old, so a good one like this, unpatched until yesterday, will make its way into them."
Marcus recommended that users be cautious about opening Word documents, keep their security software up-to-date, and apply the IE patch as soon as possible.
Follow highlights from Techworld on Twitter
Stay Informed > Subscribe to our Newsletters
The UK IT News widget Get it for your site!
<<newer article | back to index | older article>>
close
close
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
close
- This article is now being printed.
close
What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.
close
What is this?
Click below to add 'Hackers bypassing IE patch with Word bugs' to your blog.
If you do not have a ComputerworldUK Account and would like to use this feature, please Register.
If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.
WHITE PAPERS
Seven Ways ITIL Can Help You in an Economic Downturn
- Learn more about how ITIL can help your business weather the economic storm, and how it can leave you better positioned for growth when the economy begins to rebound.
Make Compliance Work For You
-
Learn how to make compliance work for you, rather than the other way around, with this whitepaper form Oracle.
Recent Techworld features
- Can Linux distros survive Chrome OS?
- Will Chrome force a rethink on Windows?
- Vendors start making progress towards cloud communication
- Unified communications arena gets more crowded
- Say 'No' to SQL
Recent Techworld reviews
- AutoSave Encrypt
- VSS Monitoring 4x24 Distributed Filter Tap
- LG XD1 eSATA drive
- Asterisk 1.4
- Xandros Presto Linux
Latest PC Advisor news
- By Royal appointment: the Queen joins Twitter
- Twitter blocks users infected by Koobface
- Mobile phone directory site breaks down
- Datawind launches £159 UbiSurfer netbook
- NHS affected by more than 8,000 viruses
WHITE PAPERS
- Seven Ways ITIL Can Help You in an Economic Downturn
Learn more about how ITIL can help your business weather the economic storm, and how it can leave you better positioned for growth when the economy begins to rebound. - Make Compliance Work For You
Learn how to make compliance work for you, rather than the other way around, with this whitepaper form Oracle. - Modernizing IT: Strategies for Improving Service Quality and Reducing IT Costs
Working harder simply won’t get you there. No matter how many people you allocate, sinking more labour into old IT practices cannot concurrently meet rising demands on IT and cut costs. Read about cost-effective, automated ways to meet this challenge head-on in this whitepaper. - Security and Trust: The Backbone of Doing Business over the Internet
When shopping online, consumers are concerned about identity theft and are therefore wary of providing untrusted sources with their personal information, especially their credit card details. Find out how to gain the trust of online customers. - Business Continuity - Are you always open for business?
Business continuity is not an end in itself, but the key to improving performance. Oracle solutions for midsize organisations contribute by providing a secure, easily accessible, and always available information infrastructure thats's also simple and cost-effective to manage. This Oracle Business Brief explains how.
Techworld topic pages
|
|
- About Techworld | Contact | Privacy Policy | About IDG | All contents © IDG 2009 | webmaster@techworld.com
- Infoworld | Networkworld | Tecchannel | Techworld Netherlands | IT World Canada
Comments received
igmuska said on Sunday, 21 December 2008
Yesterday while ending process using CTRL+ALT+ESC (WinXP), I noticed WinWord running. I didn't think anything was unusual until reading your article. Thanks, I'll have to investigate further whether my computer is infected.