[pchelpers] News:Hackers bypassing IE patch with Word bugs

• From: John Durham <john.modec@xxxxxxxxxx>
• To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
• Date: Mon, 22 Dec 2008 07:46:24 +1300

19 December 2008

By Gregg Keizer, Computerworld (US)

Attackers are exploiting the just-patched vulnerability in Internet
Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word
documents, according to security researchers. 

"Inside the document is an ActiveX control, and in that control is a
line that makes it call out to the site that's hosting the malware,"
said David Marcus, the director of security research and communications
for McAfee's Avert Labs. "This is a pretty insidious way to attack
people, because it's invisible to the eye, the communication with the
site."
Embedding malicious ActiveX controls in Word documents isn't new -
Marcus said he had seen it "a time or two" - but using an ActiveX
control to ping a hacker's server for attack code is "definitely an
innovation," he added. "They're stepping it up."

More here:
http://www.techworld.com/news/index.cfm?RSS&NewsID=108625
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription