Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Hackers seize on newfound flaw in Windows

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Hackers seize on newfound flaw in Windows
Date: Fri, 30 Dec 2005 01:17:49 -0600 (CST) 
http://seattlepi.nwsource.com/business/253931_msftflaw30.html

By ROCHELLE GARNER
BLOOMBERG NEWS
December 30, 2005

A newfound flaw in Microsoft Corp.'s Windows operating system is being
used by hackers to install malicious code on personal computers.

Users can infect their computers by visiting certain Web sites that
are able to exploit some Windows-based applications, Internet security
company Panda Software said. It called the discovery "one of the most
serious vulnerabilities recently detected."

The flaw in the world's most popular software leaves PCs open to
adware and spyware as well as Trojans, which can hide damaging
programs.

Internet Explorer, Outlook and the Windows Picture and Fax viewer are
used to insert the potentially harmful code, said Patrick Hinojosa,
chief technology officer of Panda.

"Because this exploits particular programs on Windows, rather than
Windows itself, your machine can get infected simply by visiting a Web
site that's set up to exploit the flaw," Hinojosa said.

Microsoft is investigating reports of the problem, the company said on
its Web site. It hasn't yet developed a security patch, and recommends
that customers use caution and keep antivirus software up to date.

Panda found cases of infection almost immediately after the flaw was
first reported Tuesday, Hinojosa said.

Web sites exploiting the security lapse include toolbarbiz.biz and
buytoolbar.biz, Panda said. The sites are set up to install malicious
code by using the way applications process Windows Metafiles to show
images.

Microsoft has been working to improve the security of Windows, which
has come under attack from more than 17,000 computer viruses and
worms.

The latest vulnerability was found in Windows XP, Windows 2000 and
Windows NT systems. Panda said it is still testing Windows 98 for the
flaw.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Hackers seize on newfound flaw in Windows, InfoSec News <=
Previous by Date:  [ISN] REVIEW: "Degunking Your Email, Spam, and Viruses", Jeff Duntemann, InfoSec News
Next by Date:  [ISN] E-Transaction Law needed, InfoSec News
Previous by Thread:  [ISN] REVIEW: "Degunking Your Email, Spam, and Viruses", Jeff Duntemann, InfoSec News
Next by Thread:  [ISN] E-Transaction Law needed, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]