New Attack Singles out IE FlawFebruary 17, 2009 – 1:19 PM
Microsoft warned last week that it would be easy for cybercriminals to build new attacks using bugs it patched in the Internet Explorer browser; now that prediction has come true.
On Tuesday, security vendor Trend Micro said that it had spotted the first attack taking advantage of one of two flaws patched a week ago. Microsoft has said that either of these vulnerabilities would be easy to exploit in online attacks.
Over the weekend, Trend Micro researchers spotted what appears to be a small-scale, targeted attack that exploits the flaw to install spy software, said Paul Ferguson, a researcher with the antivirus vendor. “It installs a back door that uploads stolen information on port 443 to another site in China,” he said.