PandaLabs, Panda Security's malware analysis and detection laboratory, has detected several malicious files that are exploiting the latest vulnerability announced by Microsoft (MS08-067) to infect users and steal confidential data, including instant messaging passwords, and online login credentials.
The vulnerability affects Microsoft Windows 2000, Windows XP and Windows Server 2003. Individuals can check their systems here: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
The risk involved in this type of vulnerability is considerable. Users are strongly advised to update their systems as soon as possible, as cyber-criminals have already begun to exploit this security flaw. As long as computers remain unpatched, they will be vulnerable to any of these new malicious codes.
"In addition to email and infected downloads, these vulnerability-exploiting malicious codes are being distributed directly across the Internet, even from legitimate Web pages, so users won't even realize they have been infected," explains Luis Corrons, technical director of PandaLabs.
One particular strain of malware, which exploits this security hole, the Gimmiv.A Trojan, enables its creators to take complete control of the compromised system.
Once a computer has been infected, the Trojan starts gathering the following information:
- User names and passwords entered in Web pages
- MSN Messenger passwords
- Outlook Express passwords
- System user name
- Computer name
- Patches installed
- Information about the browser
All stolen information is encrypted using the Advanced Encryption Standard (AES) and sent to a remote server.
"As the Trojan allows systems to be controlled remotely, they can then be used maliciously, say, for sending spam or storing stolen data," explains Corrons. "Instant messaging is widely used in both corporate and domestic environments nowadays and this Trojan gives cyber-crooks complete access to information sent across this channel."
PandaLabs advises users to update their operating systems as soon as possible and carry out a full scan of their computers. This can be done for free here: http://www.pandasecurity.com/activescan
About PandaLabs
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions. More information is available in the PandaLabs blog: http://www.pandalabs.com
About Panda Security
Panda Security is one of the world's leading IT security providers, with millions of clients around the globe and products available in over twenty languages. Our mission is to keep our customers' information and IT assets safe from security threats, giving them the most effective protection with the minimum resource consumption. |
Re: MS08-067 Exploited for Confidential Data Theft