Product category:
Anti-virus and Anti-malware
News Release from: Websense | Subject: Anti-virus
Edited by the Manufacturingtalk Editorial
Team on 21 September 2006
VML zero-day vulnerability exposed
Websense Security Labs have confirmed multiple previously-known WebAttacker sites that are currently exploiting this vulnerability to install malicious software.
Websense Security Labs have confirmed multiple previously-known WebAttacker sites that are currently exploiting this vulnerability to install malicious software Since this exploit has been confirmed on multiple sites, Websense suspects that the WebAttacker toolkit has been updated to include this exploit
This article was originally published on Manufacturingtalk on 5 Sep 2006 at 8.00am (UK)
Related stories
Crimeware-Spreading Sites Surges to Record High
Anti-Phishing Working Group (APWG) Reports Crimeware Sites Up 40 Percent
We expect to see many of the several thousand WebAttacker sites begin to utilise the exploit, as they update to the latest release of the toolkit.
All sites known to be exploiting this code have been in the Malicious Web Sites category for several months.
To address any new sites that appear, Websense has issued a database update via Real-Time Security Updates (RTSU) to block the latest version of the WebAttacker toolkit.
While Websense has not discovered the exploit on any non-WebAttacker sites, it is monitoring for the exploit to appear at other locations and expects it will only be a matter of time before additional sites begin to utilise the exploit.
The attacks are originating from a series of Russian porn sites, with the goal of dropping malicious code onto Windows PCs to make them part of a botnet.
The attacks are targeting a buffer overflow caused by how Internet Explorer handles VML (Vector Markup Language) code.
• Websense: contact details and other news
• Email this article to a colleague
• Register for the free Manufacturingtalk email newsletter
• Manufacturingtalk Home Page
