Web Attackers Train Guns on Patched Windows MDAC FlawBy Ryan Naraine | Posted 2006-06-08 Email Print
At least three different hacking groups are actively exploiting a patched Windows vulnerability to seed botnets for malicious use. Users are strongly urged to apply Microsoft's MS06-014 update.Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters.
Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software maker's MS06-014 bulletin.
"I've seen three different scripts in one week. That's an indication that at least three different [hacker] groups have independently worked out their own exploit," said Roger Thompson, chief technical officer at Exploit Prevention Labs.
"As far as I know, there has been no published proof-of-concept for this exploit. Usually, they will simply copy and paste a published exploit with their own payload. But, it looks like they are now reverse-engineering the patches themselves," Thompson said in an interview with eWEEK.
The flaw is a remote code execution bug that exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
In the latest attacks, Thompson said, Internet users can become at risk by simply browsing to a maliciously rigged Web site or opening a specially crafted e-mail message.
Read the full story on eWEEK.com: Web Attackers Train Guns on Patched Windows MDAC Flaw