SUBSCRIBE
13
0
Channel Strategy

With fix now out, Microsoft sees jump in XP attacks

Robert McMillan

Microsoft urged Windows users to update their software Tuesday, saying it’s now seen more than 25,000 attacks leveraging one of the critical bugs fixed in July’s monthly security patches.

Microsoft researchers tracked a “fairly large,” spike in Web based attacks that exploit the problem over the past weekend, the company said in a blog posting Tuesday. “As of midnight on July 12 (GMT), over 25,000 distinct computers in over 100 countries/regions have reported this attack attempt at least one time.”

On the busiest single day, Microsoft researchers tracked more than 2,500 attacks, a small number considering Windows’ massive user-base. Still, Microsoft and security experts are worried about this flaw because it’s been publicly known for more than a month, and has shown up in real-world attacks.

Users in Russia are now the most-targeted, Microsoft said. They have accounted for 2 percent of all attacks, which translates to about 10 times the total number of attacks per computer as the worldwide average. Portugal is the number-two most-targeted region.

Successful attacks secretly install malicious software on the victim’s machine, often a program called Obitel. Once Obitel is on a PC, it enables other malware to be loaded, such as malware that can log keystrokes, send spam, or perform other nefarious task.

Two weeks ago, the total number of attacks logged by Microsoft was 10,000.

Security experts say the flaw is being exploited in drive-by Web attacks that are triggered by malicious code placed on hacked or malicious Web sites, although it could also be triggered in other applications — e-mail readers, for example — that can interact with Web pages.

To protect themselves from these attacks, Windows users need to install the MS10-042 update, released Tuesday. It fixes a bug in the Windows Help and Support Center, which ships with Windows XP. Although this flaw also affects Windows Server 2003, Microsoft has only seen Windows XP attacks used by criminals.

More-recent versions of Windows such as Vista, Server 2008 and Windows 7 are not affected.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Robert McMillan
Robert McMillan
Previous article
Bing client for Android due within weeks
Next article
Intel to ramp up Sandy Bridge faster than expected

Related Tech News

Featured Tech Jobs

 

More from Robert McMillan

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.

SUBSCRIBE

Channel Daily News

Channel Daily News (CDN) — the voice of the IT solution provider community for more than thirty years — is the most widely read and trusted source of information for channel executives.

Latest news

IT World Canada fights for survival

Companies
Facing an unprecedented crisis, IT World Canada, a beacon...

Only 23 per cent of Canadians have a healthy relationship with work; AI can help, says HP

Artificial Intelligence
Artificial intelligence can be the key to unlocking better...

Government of Canada announces major broadband investments in the west

Communications & Telecom
The government of Canada has announced significant investments to...

Popular this week

HP enhances partner program, expands Amplify Impact

Artificial Intelligence Lynn Greiner -
Today at its Amplify Partner Conference, HP unveiled a...

Pilot cybersecurity training program for women to recruit third cohort

Careers & Education Howard Solomon -
A pilot program aimed at training women and non-binary...

Review: OnePlus 12 vs OnePlus 12R – A solid pair of devices

Mobility Lynn Greiner -
OnePlus is probably not the best-known phone brand in...

ITWC network