Huge Increase Seen in Attacks on Windows Help Center Flaw

Attackers are ramping up their attempts to exploit the recently disclosed vulnerability in the Windows Help and Support Center in Windows XP. There have been targeted attacks against the flaw for two weeks now, but experts have noticed a major increase in the volume and spread of them in recent days.

Attackers are ramping up their attempts to exploit the recently disclosed vulnerability in the Windows Help and Support Center in Windows XP. There have been targeted attacks against the flaw for two weeks now, but experts have noticed a major increase in the volume and spread of them in recent days.

Microsoft’s security group has been looking at data coming back from machines running the company’s anti-malware software, as well as from other data sources, and found that attacks against the Windows Help and Support Center flaw have been increasing dramatically over the last few days. Since the first targeted attacks against the vulnerability began in mid-June, the volume and diversity of exploitation attempts has been on the rise, Microsoft said.

According to Microsoft’s data on the attack, more than 10,000 unique machines have seen this attack at least once. And that data obviously isn’t comprehensive, as it typically just includes data sent back from PCs running Microsoft’s security software. But the company added that the attacks also have been widely distributed around world, with the U.S., Russia, Germany and a few other countries seeing the most attacks so far.

The company said that most of the original attacks included one payload, a piece of malware called Obitel that serves as a downloader for subsequent malware installations. But the current wave of attacks has a number of different payloads, including a couple of Trojan downloaders that end up on victim machines after several script redirections.

Microsoft has released a FixIt tool for the Windows Help and Support Center flaw, a weakness that also affects Windows Server 2003. The company has not yet released a patch for the vulnerability, which was disclosed in early June.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.