Last Updated: 2006-03-25 22:47:43 UTC
by Patrick Nolan (Version: 1)
Microsoft Updated Security Advisory (917077) (Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution) and says "Advisory updated with indication of limited attacks." In this instance, "attacks" = malicious websites. And speaking of attacks/malicious websites, the APWG January Phishing Trends Report (APWG Report graph below) was released and reports "The number of unique phishing websites detected by APWG was 9715 in January 2006, a huge increase in unique phishing sites from the previous two months.". I wonder if the authors of trojans that steal banking information are capable of deploying 9,715 "attack" websites a month with exploits for unpatched IE vulnerabilities? Handler Donald Smith mentioned how easy it'd be to spam links to the world. What's your IE threat analysis folks? Drop me a line!
Update - McAfee calls malware used with an exploit for this vulnerability PWS-PartyPooper.