Trend Micro researchers spotted a small-scale attack over the weekend that exploits an IE 7 flaw to install spyware resembling the software that was sent to pro-Tibetan groups in January 2008. The malware, XML_Dloadr.a, is triggered when the user is tricked into opening a malicious Word document that arrives in spam. It uploads stolen information on port 443 to a site in China, which acts as the hackers' command-and-control server.
Trend Micro says it is possible that the hackers came up with a new exploit after Microsoft patched a previously unknown vulnerability, since they know that users take a while to patch. The most recent example is the Conficker worm: even though Microsoft patched the vulnerability exploited by Conficker 4 months ago, the worm continued to spread to unpatched systems. Trend Micro warns users to patch their systems with the latest security updates, as it considers this attack to be the forerunner of a larger campaign. VeriSign's iDefense group also thinks that more attacks are likely and has alerted its customers.
Earlier, Wolfgang Kandek, the chief technology officer at Qualys, called on Microsoft to cut the links between IE and Windows by patching IE separately and more often, on a daily basis, to protect users from attack. According to the security expert, a browser is the most heavily used application that interacts with the Internet and the most likely source of malicious content, which is why IE vulnerabilities should be given the highest priority and patched first.