Active exploits targeting social networking ActiveX flaw

Powered by SC Magazine
 

Users who remain vulnerable to an ActiveX photo uploader vulnerability used on many websites are now being targeted in active attacks, researchers from Symantec said today.

On Friday, researchers said they first noticed in-the-wild attacks taking advantage of the vulnerability, which has been patched, said Kevin Haley, director of product management for Symantec Security Response.

Under the attack scenario, individuals receive phishing emails that direct them to a bogus MySpace login page, Haley told SCMagazineUS.com today. Once there, the malicious sites search victims' computers to learn if they are vulnerable to the image uploader issue. If they are, the site attempts to install a medley of trojans.

“It's a double whammy,” he said. “It's going to try to steal your credentials [MySpace username and password] and it's going to try to download some malware on your machine.”

An Aurigma representative did not respond to a request for comment.

If users are not running the Aurigma software – or if their PCs are pached for the flaw – the sites will look for other vulnerabilities including a recently disclosed Yahoo Jukebox ActiveX flaw.

Haley said businesses might consider disabling ActiveX on their browsers, but ideally they should ensure their machines are running the latest fixes.

“Once the patches are available, you need to get them out,” he said. “The bad guys and the malware writers are where the users are, and today that's the social networks.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1094

Vote