It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due to a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.
Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by the attack.
Since a patch is not available at this time, please update your Symantec products to catch the exploit, as well as the malicious files downloaded by the attack. The exploit files are detected as Downloader.Fostrem (previously detected as Downloader). The downloaded files are detected as Trojan Horse, Backdoor.Trojan, Infostealer, and Downloader. The following IPS signatures have been updated to catch the exploit traffic as well:
22920 - HTTP Malicious Toolkit Download Request
23086 - HTTP Malicious Toolkit Variant Activity
The 4th of July weekend is almost over and it's back to business as usual. Let's start off by updating our protection against this new vulnerability.