NEWS FROM THE LAB - Tuesday, September 21, 2004

Spam uses Drag and Drop vulnerability

Posted by Katrin @ 17:42 GMT

A spam message containing a link that leads to a "click here to remove" page has been widely distributed.

Besides sending the user's email address to the spammers, the link points to a web page that asks the user to scroll it. This page uses the Drag and Drop vulnerability in Internet Explorer, so when the page is scrolled, the exploit runs a proxy backdoor. Currently it downloads and runs Backdoor.Win32.Agent.ce, but since it is controlled by the spammers, it could be changed.