Trojan exploits unpatched IE flaw
According to rumours, Microsoft released an emergency out-of-cycle security patch because of a Trojan that exploits an unpatched IE hole. The Delf-DH Trojan downloader uses an Internet Explorer vulnerability to infect unprotected Windows users who vist maliciously constructed websites. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites.
The attack relies on a flaw in the way IE handles requests to the window() object, highlighted by proof-of-concept code last week and now used in anger by VXers. Even fully patched Windows 2000 and Windows XP systems are vulnerable. Until a patch is available to address this vulnerability, US-CERT strongly encourages Windows users to disable Active Scripting.
Comments
Be the first to write a comment
You must me logged in to write a comment.