Hackers bypassing IE patch with malicious ActiveX bugs in Word

Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers. "Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that's hosting the malware," said David Marcus, the director of […]

Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers.

"Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that's hosting the malware," said David Marcus, the director of security research and communications for McAfee's Avert Labs. "This is a pretty insidious way to attack people, because it's invisible to the eye, the communication with the site." Embedding malicious ActiveX controls in Word documents isn't new - Marcus said he had seen it "a time or two" - but using an ActiveX control to ping a hacker's server for attack code is "definitely an innovation," he added. "They're stepping it up."

Full Article

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.