In volumeMicrosoft is warning that the volume of attacks in the wild targeting the Windows Help and Support Center vulnerability (CVE-2010-1885) has increased since the advisory was initially made public on June 10th. The Redmond company, which is actively monitoring the situation, has yet to provide a patch for the security flaw, however, workarounds are available for manual implementation in Microsoft Security Advisory (2219475). The Critical zero-day (0-day) Windows Help and Support Center vulnerability affects Windows XP and Windows Server 2003, but not the latest releases of Windows, including Windows 7 and Windows Vista.
Whereas initially the software giant only came across security researchers testing innocuous proof-of-concepts, as of June 15th, the company detected the first exploits for the vulnerability. “Starting last week, we started seeing seemingly-automated, randomly-generated html and PHP pages hosting this exploit. This attack methodology constitutes the bulk of attacks that have continued to flourish into this week,” revealed Holly Stewart, MMPC.
At the same time, new attacks also come with diversifies malware payloads, including, Trojan:Win32/Swrort.A, TrojanDownloader:Win32/Obitel.gen!A, Spammer:Win32/Tedroo.AB, Trojan:Win32/Oficla.M, TrojanSpy:Win32/Neetro.A and Virus:JS/Decdec.A. When the first exploits were detected, attackers were trying to spread Obitel, a piece of malware designed to allow additional samples of malicious code to be downloaded on infected machines.
“Most recently, downloads have run the gamut, varying in methodology (some direct downloads, but also some downloads involving single or double script redirects, which our products detect as TrojanDownloader:JS/Adodb.F and TrojanDownloader:JS/Adodb.G, and also varying in payload,” Stewart added.
Microsoft informed that most of the attacks against vulnerable versions of Windows are being detected in the United States, Russia, Portugal, Germany, and Brazil.