New Attacks On Ie7 Go Wild

[Peaches]

New attacks on IE7 go wild

Info-stealing software remotely installed

By Dan Goodin in San Francisco

17th February 2009 23:11 GMT

Cybercriminals have begun attacking a critical hole that Microsoft patched in its Internet Explorer 7 browser last week, corroborating the company's warning that the vulnerability would be easy to exploit.The exploit code is spread through a booby trapped Word document that ultimately installs information-stealing malware on unpatched machines, according to researchers. The vulnerability is one of two IE flaws Microsoft patched last week. The company warned at the time that "consistent exploit code" for the remote execution flaws was likely.The attack is fairly primitive at the moment, because it involves the spamming of Word documents. Security experts expect that to change."There is absolutely nothing preventing attackers from using the exploit in a drive-by attack (and we can, unfortunately, expect that this will happen very soon)," Bojan Zdrnja, a handler at the Sans Internet Storm Center wrote here. He went on to say the exploit code was the result of reverse engineering Microsoft's patch.

The register: http://www.theregister.co.uk/2009/02/17/in...ttacks_go_wild/