Holiday Attacks Target IE Browser, PHP Servers
The attack is described in detail and results in an arbitrary file being placed in the user's startup folder where it will be when the user restarts the system. According to the analysis, the attack does not lend itself to inclusion in a worm, but could be effectively used by spyware or adware to compromise a system.
According to the post, the exploit was released by Michael Evanchik and Paul from Greyhats Security, to spur Microsoft Corp. to secure Windows and the Internet Explorer browser more quickly. The message from Paul, suggested Windows users switch to the Mozilla project's FireFox browser to improve security.
The link for this article located at eweek.com is no longer available.