A large scale SQL injection attack is surfacing today that can infect your computer with the Backdoor.Win32.Buzus.croo (a Trojan virus) as a drive by attack. Over 132,000 pages are showing signs of the malicious code according to Help Net Security So far, this attack is looking for many exploits to attack from:
- Integer overflow vulnerability in Adobe Flash Player, described in CVE-2007-0071.
- MDAC ADODB.Connection ActiveX vulnerability described in MS07-009.
- Microsoft Office Web Components vulnerabilities described in MS09-043.
- Microsoft video ActiveX vulnerability described in MS09-032.
- Internet Explorer Uninitialized Memory Corruption Vulnerability – MS09-002.
None of these patches are recent (the newest was published August 11th, 2009), so be sure to patch your computers. Managed IT Clients for ConnectWise, these patches have been pushed to your computers already, but if you have any questions, please contact the Help Desk.
Comments