Hackers love to play cat and mouse with security firms. A case in point is the unpatched Internet Explorer 7 vulnerability currently being exploited worldwide. On Tuesday, hackers waited until Microsoft released its monthly patches before revealing a previously undisclosed vulnerability in the web browser software, giving villains the maximum amount of time to compromise computers before users get patched up in 30 days. SANS Internet Storm Center has more details here.
Unsuspecting users need only visit a website and they are automatically compromised by the server. The exploit code takes advantage of a flaw in IE's XML parsing, and a trojan is downloaded without the user knowing. Right now, this trojan is looking for passwords to certain online games, and the exploit is targeting Chinese language users. But according to Microsoft, just about everyone with IE7 is vulnerable, including Vista users.
Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
If you are an administrator of an enterprise and want to block the sites that are dishing out this malware, Shadowserver.Org has a list of URLs here. But don’t go being foolish and visit any of the hosts listed, because they are hosting active exploit code and will pwn you if you are using IE7. And judging by the list of servers, it seems that Baidu, the Chinese mp3 file-swapping servers, are the ones dishing out most of the badness.
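One way an administrator might put such a list to work, as an added example that is not from this post or from Shadowserver: it turns a defanged URL list into per-host entries and, going a step beyond blocking, checks proxy logs for clients that already fetched a listed URL. The hosts, the feed layout and the `client method url` log format are constructed assumptions; because many listed pages sit on a large shared service, hosts named in `shared_hosts` are matched by exact path instead of being blocked wholesale.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed (reserved .example hosts), defanged as such lists usually are.
FEED = """\
# malicious URLs (constructed sample)
hxxp://bad-host[.]example/ie7/x.htm
hxxp://bad-host[.]example/ie7/y.htm
hxxp://files.shared-portal[.]example/u/123/a.htm
"""

# Constructed proxy log lines in an assumed format: "<client-ip> <method> <url>"
PROXY_LOG = """\
10.0.0.5 GET http://bad-host.example/ie7/x.htm
10.0.0.7 GET http://www.intranet.example/index.html
10.0.0.9 GET http://files.shared-portal.example/u/999/other.htm
10.0.0.9 GET http://files.shared-portal.example/u/123/a.htm
"""

def refang(line):
    """Undo the usual defanging so the URL can be parsed (never fetched)."""
    return line.strip().replace("[.]", ".").replace("hxxp", "http", 1)

def parse_feed(text):
    """Return {host: set(paths)} from a defanged URL list, skipping comments."""
    by_host = defaultdict(set)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        parts = urlsplit(refang(raw))
        if parts.hostname:
            by_host[parts.hostname.lower()].add(parts.path or "/")
    return dict(by_host)

def find_hits(log_text, by_host, shared_hosts=()):
    """Return (client, url) pairs for requests to listed hosts.
    For hosts in shared_hosts, only the exact listed paths count."""
    hits = []
    for line in log_text.splitlines():
        client, _method, url = line.split(None, 2)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in by_host:
            continue
        if host in shared_hosts and parts.path not in by_host[host]:
            continue
        hits.append((client, url))
    return hits
```

Clients returned by `find_hits` are the machines to check first, since they requested a listed page before the block went in.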