Google

Hackers jump on newest IE7 bug



Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft Corp. patched just last week, security researchers warned today.

Although the attacks are currently in "very, very small numbers," they may be just the forerunner of a larger campaign, said Jamz Yaneza, threat research manager at Trend Micro Inc. "I see this as a proof-of-concept," said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time.

"I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits," he added.

The new attack code, which Trend Micro dubbed "XML_Dloadr.a," arrives in a spam message as a malicious file masquerading as a Microsoft Word document. If the fake document is opened, the exploit hijacks PCs that have not been patched with the MS09-002 security update Microsoft issued last Tuesday as part of its eight-patch February batch of fixes.

That update, which plugged two holes in IE7, was rated "critical" by Microsoft at the time.

"We first saw this over the weekend," said Paul Ferguson, an advanced threat researcher at Trend Micro. "But we're not sure if it's just a targeted attack or they're staging for something larger. It's hard to tell at the moment."

It's not unusual for hackers to swing into action with a new exploit only days after Microsoft has patched a previously-unknown vulnerability. "They know it takes users a while to patch," Ferguson added. "Even months after Microsoft patched, the Conficker worm was still able to infect millions of PCs because of lousy patching. That's not lost on the bad guys."

The "Conficker" worm, also known as "Downadup," continues to compromise millions of machines daily, even though, as Ferguson noted, Microsoft patched the vulnerability exploited by the worm nearly four months ago.

Yaneza and Ferguson speculated that the current attacks are precursors to a much larger assault that will revive a campaign that tempted users with news about Tibet. Those attacks, which Trend Micro reported in January 2008, share some characteristics with the newest exploits, including malware disguised as Word documents. Yaneza also said that it appears as though the hacker's command-and-control server is based in China, lending more credence to their theory.

"This is the 50th anniversary of the Tibetan freedom movement," said Ferguson, who said it's likely that a large-scale attack based on this exploit would use that news as bait. In 1959, when the People's Republic of China took full control of Tibet, the Dali Lama fled to India, where he is the head of a Tibetan government-in-exile.

One security expert has called on Microsoft to sever the links between IE and Windows to better protect users from attack. According to Wolfgang Kandek, the chief technology officer at Qualys Inc., people plug IE holes no faster than other critical Microsoft vulnerabilities, something that might change if Microsoft split the browser from the operating system and increased the frequency of its IE patches.

Taken from computerworld.com

[...]

Microsoft unveils Windows Mobile 6.5 OS

Don't call them Windows Mobile phones anymore. In announcing the latest revision of Microsoft's OS for handsets at Mobile World Congress today, MIcrosoft CEO Steve Ballmer said that henceforth, the devices will be known as Windows phones.


"It's a mouthful to say, 'You want a Windows Mobile phone?'" Ballmer said when asked about the decision to once again re-brand the OS, which has over the years been known as Windows CE and Pocket PC.

Ballmer's three main announcements to a crowd of journalists in Barcelona, Spain, had been widely leaked beforehand: Windows Mobile 6.5, a new version of the handset OS with a revamped, touch-optimized user interface; My Phone, an online backup and sync service for Windows phones, and the Windows Marketplace for Mobile app store.

My Phone and the Windows Marketplace will be accessible to Windows phones running Windows Mobile 6.5; Ballmer said support will be available via download, at the discretion of the vendor, to Windows Mobile 6.1 devices, but not to handsets running earlier versions of the OS.


Windows Mobile 6.5, which in addition to the new user interface sports an improved, more desktop-like browser, will make its debut later this year on handsets also announced on Monday, including the HTC Touch Diamond2 and the LG-GM730.

Interestingly, however, neither handset presents the new user interface unadulterated: Both HTC and LG have made changes they believe make the UI more user friendly. In fact, fiddling with the Windows Mobile UI is not uncommon, and Ballmer squirmed when asked how bothersome this was to Microsoft.

"It's not the area where I would have aspired to see the first add-ons," he admitted. But he said that with the new UI, Microsoft hopes to get more vendors on board without significant changes.
Taken From www.pcworld.com

[...]