Zero day used for BOTs and Crimeware

Websense Security Labs is now tracking several dozen cases of websites which are using the WMF vulnerability. The sites are all using the IFRAME technique in order to run code on the end-users machine without their intervention. In every case these have been Trojan Horse Downloader's which use HTTP to download and run new code. Of the ones that we have finished researching they are all either installing other Trojan Horses or BOT's (mostly SDBots). This is different from the other sites we have identified in the past few days that are installing Potentially Unwanted Software. WebsenseŽ - Security Labs Alert: Zero-day used for BOT's and Crimeware

Linked by shanmuga Sunday, 1st January 2006 11:02PM