IE CreateTextRange vulnerability - New trojans emerge
A few overnight developments are summarized below:
It should be noted that zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This is a dangerous situation in which many computers may be affected, because exploit code is available and the vendor has not been given enough time to patch the vulnerability. Thus, Trend Micro recommends that users avoid visiting Web sites of questionable origin to help prevent possible infection by this malware.
Downloader-AVK - IE CreateTxtRange based trojan
This trojan was discovered in connection with the Exploit-CreateTxtRng trojan. A hacked webserver contains the exploit script, which results in a file named ca.exe being downloaded from another hacked webserver. ca.exe is Downloader-AVK. This trojan simply attempts to download and execute another trojan, calc.exe, from the same compromised webserver. calc.exe is a new password-stealing trojan, PWS-PartyPooper.
PWS-PartyPooper was discovered in connection with the Downloader-AVK trojan, which was installed via the Exploit-CreateTxtRng trojan. This password-stealing trojan scans your system for stored passwords and monitors the websites that you visit for the purpose of sending all this information to the trojan author/distributor.
The following is an advisory reflecting the latest information and guidance by Microsoft:
Microsoft Security Advisory (917077) - Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution