WMF-Like Zero-Day Attack Underway
The first wave of drive-by downloads targeting a zero-day Internet Explorer flaw has started, using a mixture of hijacked Web servers and compromised sites. The attack comes less than 24 hours after Microsoft issued an advisory about this latest flaw. Apparently, this threat is supposed to grow significantly over the weekend, so be careful.
"Less than 24 hours after Microsoft issued an advisory with interim workarounds for IE users, malware hunters have started detecting drive-by downloads on more than 20 maliciously rigged Web sites.
eWEEK has seen a list of more than 20 unique domains and 100 unique URLs hosting the exploits, which are dropping a variant of SDbot, a dangerous family of backdoors that give hackers complete ownership of infected computers."