Internet Security Systems - AlertCon(TM)

Software Developers Targeted by Web Exploit

Posted by Robert Freeman on November 02, 2006 at 11:33 AM EST.

The recent buzz around a vulnerable ActiveX component that ships with Microsoft's Visual Studio 2005 is interesting in that most Windows users are not vulnerable by default, and I'm not even sure how many organizations have migrated to the 2005 edition. Another point of significance relates to the actual vulnerability: the issue with the WMI Object Broker is that it allows access to other objects that are normally restricted. As a result, those who enabled the protection were preemptively protected, and it has provided a good opportunity to analyze trend data.

We initially saw an uptick in activity associated with this vulnerability on the 9th of October, with a strong peak on the 25th of October before declining. A significant amount of this traffic went to fdghewrtewrtyrew.biz where unprotected persons would have been infected by Trojan-Downloader.Win32.Tibs.iw. As is the case with all malware hosted on websites, this could change at any time. With Trojan-Downloaders, there is the added concern of pulling down more malicious "moving targets".
