Cyber criminals are trying to gain
unauthorized access to PCs via security holes in
QuickTime and WinZip programs, security firm Symantec has
warned.
In its latest security alert, Symantec said
malicious websites have been modified to exploit security flaws
in both pieces of software. Although the flaws had been identified
early as last year, Symantec said that this is the first time they
had observed their use for hacking online.
The attacks work by placing malicious code with multiple
exploits on websites, Symantec said in a security alert. The sites
appear to be that of a trusted financial institution, but instead
attempt to silently install
keystroke-logging software, according to Symantec. Links to the
sites are likely to be advertised in spam, it said.
David Lacey's
security blog >>
The latest ideas, best practices, and business issues associated
with managing security
Symantec website
>>
Comment on this article:
computer.weekly@rbi.co.uk