Internet Security Systems - AlertCon(TM)

Uptick in QQPlayer Exploit in the Wild

Posted by Robert Freeman on January 08, 2007 at 4:36 PM EST.

QQPlayer, part of a Chinese application suite that includes instant messaging, has had an exploit for its ActiveX control circulating in the wild since late December. Recently we have been seeing an uptick in its deployment among Asian sites. Since the application suite isn't particularly international, the vulnerability does not appear to have received much attention in other geographic regions. Obviously I have not used QQ software, but it makes me wonder what breakout of research time is typically spent on researching security flaws in local versus international products. Does this unknown statistic vary much between legitimate researchers and malicious hackers? Are localized products more secure or less secure than international products, and how much is this influenced by researcher feedback? And a final question: do these statistics vary much from region to region? Hmm...

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.