Active exploits targeting social networking ActiveX flaw

By
Follow google news

Users who remain vulnerable to an ActiveX photo uploader vulnerability used on many websites are now being targeted in active attacks, researchers from Symantec said today.


On Friday, researchers said they first noticed in-the-wild attacks taking advantage of the vulnerability, which has been patched, said Kevin Haley, director of product management for Symantec Security Response.

Under the attack scenario, individuals receive phishing emails that direct them to a bogus MySpace login page, Haley told SCMagazineUS.com today. Once there, the malicious sites search victims' computers to learn if they are vulnerable to the image uploader issue. If they are, the site attempts to install a medley of trojans.

“It's a double whammy,” he said. “It's going to try to steal your credentials [MySpace username and password] and it's going to try to download some malware on your machine.”

An Aurigma representative did not respond to a request for comment.

If users are not running the Aurigma software – or if their PCs are pached for the flaw – the sites will look for other vulnerabilities including a recently disclosed Yahoo Jukebox ActiveX flaw.

Haley said businesses might consider disabling ActiveX on their browsers, but ideally they should ensure their machines are running the latest fixes.

“Once the patches are available, you need to get them out,” he said. “The bad guys and the malware writers are where the users are, and today that's the social networks.”

See original article on scmagazineus.com

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
activeactivexexploitsflawnetworkingsecuritysocialsymantectargeting

Sponsored Whitepapers

The future of resilience: AI-Driven dynamic storage
The future of resilience: AI-Driven dynamic storage
5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure

Events

Most Read Articles

FBI remotely patched privately-owned routers to evict Russian GRU spies

FBI remotely patched privately-owned routers to evict Russian GRU spies
Dead cars tell tales by storing data that's never wiped

Dead cars tell tales by storing data that's never wiped
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks

AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?