The malware attempted to install command and control software on the PCs of people who were not patched to correct the vulnerability in the malware.
The site is used by people who are applying for job-related compensation for workers in the energy field.
UPDATE: People using the IE (Internet Explorer) 8 browser are vulnerable to the exploit on the DOL web site. A module exploiting this bug is available for Metasploit. It is not clear whether this will be patched in the next Microsoft patch round, but a patch is not available as of this writing. IE8 users are urged to update to a current, fully patched version of IE.
UPDATE: The May 13 patch round will include a fix for this vulnerability for IE 8. A temporary work-around has been provided by Microsoft as well.
No comments:
Post a Comment