Microsoft Video ActiveX Exploit
This exploit involves drive-by attacks originating from thousands of newly compromised websites. These websites transfer malware to the victim's computer through a vulnerable DLL in Microsoft DirectShow video streaming software. Exploit code is currently available in the wild, and no patch is available at the time of this writing.

Attack Details
This attack affects the following operating systems:
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
The attack works in the following way:
  1. The user visits (or is redirected to) either a legitimate website that has been infected or an entirely malicious website. In either case, the website hosts a JavaScript file and a data file that allow the attacker to exploit the vulnerability in Microsoft DirectShow.
  2. Computers with the affected OS and IE browser versions and the DirectShow ActiveX plug-in (msvidctl.dll) receive a malicious payload via drive-by. (This drive-by is undetectable to the user.)
The malicious payload allows the attacker to gain the same user rights as the local user. Such rights give the attacker a range of abilities such as downloading more malicious programs, redirecting a victim's Web searches, and intercepting information that the user types or keeps on the computer.

Protection Details
At the time of this writing no patch is available from Microsoft. Check Point offers immediate, preemptive protection for both its enterprise and consumer customers:

ZoneAlarm Customers:
If you are running ZoneAlarm® ForceField™ browser security technology (included in ZoneAlarm Extreme Security), you are already protected.

NOTE: If you are running ZoneAlarm Extreme Security, you must turn ON ForceField virtualization.

Users who lack protection are invited to download a 15-day trial version of ZoneAlarm Extreme.

How to turn on virtualization:
  1. Open the ZoneAlarm Extreme Overview Panel. Double-click on the ZoneAlarm icon in your system tray.
  2. From the list of features, click "Browser Security".
  3. Click "Settings" in the Browser Security Overview Panel.
  4. Click the "Advanced" tab and check the box "Enable Virtualization".
