“Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that’s hosting the malware,” said David Marcus, the director of security research and communications for McAfee ‘s Avert Labs. “This is a pretty insidious way to attack people, because it’s invisible to the eye, the communication with the site.”
Embedding malicious ActiveX controls in Word documents isn’t new — Marcus said he had seen it “a time or two” — but using an ActiveX control to ping a hacker’s server for attack code is “definitely an innovation,” he added. “They’re stepping it up.”
The rogue docments can be delivered as attachments to spam e-mail or offered up by hacked sites.
Attackers have been exploiting the IE bug since at least Dec. 9 , when reports first surfaced about malicious code found in the wild and on several Chinese hacker servers. McAfee was one of the first security companies to report the emerging exploit.
Wednesday, the company released the patch .
Although other researchers continue to claim that thousands of legitimate Web sites have been compromised , then used to serve “drive-by” attacks against unpatched browsers, Marcus wasn’t certain about the numbers he’s seen bandied about. “But absolutely, there’s been a lot of activity around this,” he said. “A lot of the bad guys have embedded IFRAMES in their sites to attack IE.”
According to other reports, the IE exploit has been added to one or more multistrike hacker toolkits that try several different exploits when users visit a compromised or malicious site. “If it’s not in one of those yet, it probably will be,” said Marcus. “Some of the exploits in those kits are years old, so a good one like this, unpatched until yesterday, will make its way into them.”
Marcus recommended that users be cautious about opening Word documents, keep their security software up-to-date, and apply the IE patch as soon as possible.
Computerworld is an InfoWorld affiliate.
This story, “Hackers exploit IE bug with ‘insidious’ Word docs” was originally published byComputerworld.
- Two Trend Micro zero-days exploited in the wild by hackers
- Slack fixes vulnerability exploitable for session hijacking, account takeovers
- GM embraces white-hat hackers with public vulnerability disclosure program
- As people start working remotely, hackers are trying to exploit our anxieties
- Hackers invent new Android ‘attack’ that lets them log into your Facebook account – how to stay safe
- Microsoft warns of Windows zero-day exploited in the wild
- Sick coronavirus scam lets hackers hijack computers of people searching for COVID-19 symptoms
- Rendering bug crashes OS X, iOS apps with string of Arabic characters (Updated)
- Best TV to Watch/Stream in April: Beasties Doc, ‘Run,’ ‘Mrs. America’
- Young people CAN get severe coronavirus and must stop going to the pub, top docs warn
Hackers exploit IE bug with 'insidious' Word docs have 538 words, post on www.infoworld.com at December 19, 2008. This is cached page on ReZone. If you want remove this page, please contact us.