Hackers massively exploit Windows security flaws
Malicious hackers are actively exploiting a security flaw in Microsoft products to "kidnap" many systems that fail to build botnets.
Experts from Exploit Prevention Labs, a security firm, have warned that they have detected some malicious code targeting exploiting security flaws that arise in MDAC (Microsoft Data Access Components) to "seed" the systems. botnet.
" I have discovered at least three code snippets of botnet seeding over the past week. This is a sign that at least three independent hackers have developed their own MDAC security exploits tools ," he said. "Roger Thompson, chief technology officer at Exploit Prevention Labs, said.
" As far as I know, there has not been any code that has been proven to be able to exploit the widely published MDAC security flaw. Usually, hackers will just need to cut -and-paste the published code into their own exploit tool, but it seems that in this case they have reversed the patch development process , "Thompson said.
The security bug that arises in MDAC has been fixed by Microsoft through the patch MS06-014 released in April security update as a bug that allows remote code execution. This error arises in ActiveX RDS.Database control - part of the ActiveX Data Objects that constitutes MDAC. A malicious attacker who successfully exploits this security error can take over the entire control of the faulty system.
In the latest attack, Thompson said, Internet users must be at risk of being attacked if they visit a website or a "malicious" email message containing a downloader code that allows hackers. Control their system.
" Once the malicious downloader is downloaded, the victim's system has fallen into the hands of the attacker. They will fill the victim's system with spyware and fake antispyware programs. They do all that for the sake of making money , "Thompson warned.
Exploit Prevention Labs' intelligent network system has discovered code that can exploit MDAC errors related to the WebAttacker self-developed toolkit for sale on a Russian website for $ 300 . The toolkit has built-in code to simplify the attack on the system with errors and spam techniques to entice victims to access their available malicious websites.
Thompson said the appearance of the MDAC error exploit code is a serious threat to Windows users who have not yet installed the Microsoft patch.
Thompson recommends that users use the Automatic Updates feature to quickly install new patches and updates to avoid attacks.
Hoang Dung
- Hackers exploit new Windows vulnerabilities
- Cisco has to fix product security
- Disseminate dangerous code to exploit Windows errors
- Cisco warns 2 serious security errors
- Microsoft opens its own website for hackers
- QuickTime 'abetted' hackers to attack users
- Users are the central target of hackers
- Windows Service Pack 2: a new security error
- Microsoft will fix the Windows vulnerability next week
- D-Link product has a buffer overflow error
- Hackers disseminate web browser security flaws
- Appears deadly exploit code for Vista and XP