New attack exploits an unpatched Microsoft vulnerability

PandaLabs detected some one hundred Web pages, mainly hosted in China, modified to infect users by exploiting an unpatched Microsoft vulnerability.

The vulnerability lies in the Microsoft Video ActiveX control component and mainly affects users of Internet Explorer 7 on Windows XP. Microsoft hasn’t yet released an official patch for this vulnerability, so users could be infected even though they have all previous security patches installed.

Microsoft has published a workaround for this flaw. In any event, PandaLabs advises users to keep an eye out for security fixes released by Microsoft to patch their systems against this vulnerability as soon as possible.

Through this exploit, several malware samples can be distributed. PandaLabs has found one sample which has been distributed this way: Lineage.LAC. A Trojan Horse which steals information and uses rootkit techniques.