Hole patched last week
If you are running a copy
of IE7 you might like to make sure that your patches are up to date. Cybercriminals are exploiting a critical hole in Internet Exploder that was
patched a week ago by Microsoft.
Security outfit Trend Micros said that the
malicious code, dubbed "XML_DLOADR.A," is hidden in a Word document. On
unpatched systems, when the file is opened an ActiveX object automatically
accesses a Web site to open a backdoor that installs a .DLL file that can steal
information. Once it has done all that it sends stolen data to another Web
address via port 443.
Anyone can run commands on the affected system, Trend
claims. Obviously they have not met my aunt who couldn't command her way out of
bed for 20 years. Anyway the hack appears to come from China..