Alerts
Important Update on VML Exploit
Date: 09.21.2006
Threat Type: Zero-Day Update
This is an update to earlier posts regarding the newest Microsoft Zero-Day exploit that is currently on the Internet.
See:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=80
http://www.websense.com/securitylabs/blog/blog.php?BlogID=81
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=628
Websense Security Labs honey clients are currently scanning 80+ million websites per day to discover sites that are distributing the zero-day code and/or link to sites that are. We are starting to see increased activity. We are also seeing payload code being added that includes Trojan horse backdoors and code designed to steal information from end-users or their machines (i.e. crimeware).
We expect the number of sites to continue to grow and the malicious code to gain additional nefarious capabilities over time. Several sites are publishing proof-of-concept (POC) exploit code that allows attackers to copy the attack for their own purposes. There are also indications that the Web Attacker toolkit has been updated and, once its users upgrade, could infect thousands of additional sites and users.
In addition, reports from AusCERT (the Australian CERT; see: http://www.auscert.org.au/render.html?it=6771) indicate that attacks are surfacing through emails with URL lures. We have confirmed this to be true and that these attacks use a modified version of the Web Attacker Toolkit. Regional attacks using exploit code have been seen in Australia in the past, and this one has the same characteristics as many of them (see: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=415). Those attacks have also been widespread.
Below we have some examples of sites that are distributing the code or are pointing to sites that are distributing the code. DO NOT VISIT THESE SITES. YOU WILL BE COMPROMISED.

We will also post a short video on our blog soon showing what an infection looks like on a fully patched Windows machine.