Thursday, December 18, 2008

Hackers Exploit IE Bug With 'Insidious' Word Docs

Gregg Keizer writes on ComputerWorld:

Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, a security company said today.

"Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that's hosting the malware," said David Marcus, director of security research and communications for McAfee Inc.'s Avert Labs. "This is a pretty insidious way to attack people, because it's invisible to the eye, the communication with the site."

Embedding malicious ActiveX controls in Word documents isn't new -- Marcus said he had seen it "a time or two" -- but using an ActiveX control to ping a hacker's server for attack code is "definitely an innovation," he added. "They're stepping it up."

The rogue documents can be delivered as attachments to spam e-mail or offered up by hacked sites.

More here.


Post a Comment

<< Home