Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole
The newest zero-day flaw in the Microsoft Windows implementation of the Vector Markup Language is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits.
Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack against fully patched versions of Windows, virus hunters say the Web-based exploits are serving up botnet-building Trojans and installations of ad-serving spyware.
"This is a massive malware run," says Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs. In an interview with eWEEK, Thompson confirmed the drive-by attacks are hosing infected machines with browser tool bars and spyware programs with stealth rootkit capabilities.
The laundry list of malware programs seeded on Russian porn sites also includes a dangerous keystroke logger capable of stealing data from computers and a banker Trojan that specifically hijacks log-in information from financial Web sites.
According to Sunbelt Software researcher Eric Sites, the list of malware programs includes VirtuMonde, an ad-serving program that triggers pop-ups from Internet Explorer; Claria.GAIN.CommonElements, an adware utility; AvenueMedia.InternetOptimizer; and several browser plug-ins and tool bars and variants of the virulent Spybot worm.