QuickTime 'abetted' hackers to attack users

Security firm Symantec said Thursday that hackers are taking advantage of deadly security flaws in QuickTime and WinZip to attack stolen personal information.

Symantec's security warning message confirms that the popular web attack method still applies in this user attack campaign. That's the way to use malicious websites to code code that exploits errors.

These malicious websites have been tampered with by "masked" hackers on a website of a well-known financial institution to easily trick users into accessing it. And while users still think that they are accessing a legitimate website, their PC has been infected with a potentially dangerous keylogger when receiving all actions from the keyboard.

Symantec discovered the attack earlier this week when a PC used as a decoy by the company was kidnapped.

" This attack has its own unique characteristics. They took advantage of the recently discovered QuickTime vulnerability and another bug in WinZip was discovered late last year as a means of attack. We never thought of it. that these errors have been exploited by hackers to attack users . "

Apart from the vulnerabilities in QuickTime and WinZip, there is another vulnerability in Microsoft's software that is also exploited in this attack.

The application developer has released an update that fixes these errors. Security companies recommend users to quickly download and install those patches.

Hoang Dung