Internet attack trackers and antivirus companies warn that a flaw in Internet Explorer 7 (but not earlier versions) that Microsoft just patched last week is under attack in the wild. The attacks appear to be targeted and small-scale right now, but will likely grow.
Trend Micro describes a somewhat roundabout attack that starts with an e-mailed .doc file that, when opened, exploits the MS09-002 vulnerability to download and install remote-control backdoor malware. Trend writes that this approach is likely part of a targeted attack.
Such assaults typically involve more legwork on the part of crooks to construct a realistic spam message that may appear to come from a co-worker, for instance, and have a poisoned .doc or other file attached. But the Internet Storm Center warns that while antivirus vendors currently only report .doc-using attacks, “there is absolutely nothing preventing attackers from using the exploit in a drive-by attack.” And they expect that to happen very soon.
The good news is that to protect yourself, you only need to make sure you’ve closed the hole by applying last week’s patch. It was distributed via Automatic Updates, so you can double-check that you got it by running Windows Update. Or head to the Microsoft security bulletin.
pradeep3100 said
Hi i am pradeep i read your article and it is really cool and awesome. Your Blog seem to be cool and Good theme too…This is my FIRST entry in having a blog I want to make new friends from all over the country and share my new experiences that i am going to have in my upcoming whole life.I think we can share everything and know more about each other….PLEASE HELP ME IN MAKING YOU AS MY FRIEND….hahaha…
i have added your link kindly visit my blog and add my link.