Attackers are actively exploiting a vulnerability in Microsoft software to hijack large numbers of unpatched systems and recruit them into a botnet. Researchers at Exploit Prevention Labs warn that they have found several pieces of malicious code that target a flaw in MDAC (Microsoft Data Access Components) in order to seed botnets.
“I discovered at least three pieces of botnet-seeding code last week. This is a sign that at least three independent hacker groups have developed their own tools to exploit the MDAC security vulnerability,” said Roger Thompson, Chief Technology Officer at Exploit Prevention Labs.
“As far as I know, up until now, no code has been widely published that proves capable of exploiting the MDAC security vulnerability. Typically, hackers would just cut and paste published snippets into their own exploit tools. However, it seems in this case they have reversed the patch development process,” Thompson stated.
The MDAC vulnerability, which allows remote code execution, was addressed by Microsoft in security bulletin MS06-014, released with the April security updates. The flaw lies in the RDS.DataSpace ActiveX control, which belongs to the Remote Data Services (RDS) component of MDAC. An attacker who successfully exploits it could take complete control of the affected system.
In the latest attacks, Thompson noted, Internet users are at risk if they visit a malicious website or open an email message that carries a downloader, which then lets the attackers take control of their systems.
“Once the malicious downloader code is executed, the victim’s system is in the hands of the attacker. They will flood the victim’s system with spyware and fake anti-spyware programs. They do all of this solely for profit,” Thompson warned.
Exploit Prevention Labs’ monitoring network traced the MDAC exploit code to a custom-built spyware toolkit called WebAttacker, which is being sold on a Russian website for $300. The kit ships with ready-made exploit code that simplifies attacks on vulnerable systems, together with spamming techniques for luring victims to the attackers’ malicious websites.
Thompson said the appearance of working MDAC exploit code poses a serious threat to Windows users who have not yet installed Microsoft’s patch.
He advises users to turn on Automatic Updates so that patches and updates are installed promptly, before attackers can reach them.
Hoang Dung