Software giant Microsoft has warned that cyber criminals are walloping a flaw in Windows XP.
Writing in its Security Blog, Microsoft said that it has now logged more than 10,000 attacks using the flaw as an attack vector. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said.
In the last week, attacks have picked up. They are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil. Russian and Portugues PCs are being hammered. Hackers are using the attack code to download different malicious programs, including viruses, Trojans and software called Obitel, which downloads more malware.
The flaw lies in the Windows Help and Support Centre software that comes with Windows XP. It was spotted by Google researcher Tavis Ormandy.
Ormandy created a bit of a storm by not giving Microsoft more time to patch the flaw. He told Redmond about it on June 5 and then told the world+dog about it five days later. He claimed that Redmond refused to fix the problem within 60 days.
It could be fixed in the next patch in a couple of weeks.