There have been several vml exploits found in the wild these past few weeks so I guess most of you are wondering what makes this one different.
Well, to begin with it tries to lure users to sites containing the exploit code by claiming that they’ve gotten a Yahoo! eCard. Once the user visits the site it downloads and installs several executable files one of which is already detected by Trend Micro Inc. as TROJ_BZUB.AW. The other files have already been submitted to the service team for processing. Hang on for updates on this.
In the meantime, you may read up on previous articles we’ve written regarding this exploit for tips, workarounds and other useful information about this vulnerability.
- New IE Zero Day Seen in the wild
- IE Zero Day + Web Attacker Kit
- Update on VML Exploit – IE 0-day
- Web-Attacker + IE 0-Day Stats!
Update (Sheryll Tiauzon, Tue, 26 Sep 2006 07:00:22 AM)
We’ve just received an update from the service team, the files will be detected as HTML_VMLFILL.C and BKDR_SMALL.DYZ.