Security firm PandaLabs reported the emergence of Searchmeup, new malware that exploits the LoadImage vulnerability in Microsoft Internet Explorer.
The LoadImage vulnerability was discovered in December by Chinese security group Xfocus, and Microsoft issued a patch for it in January.
The vulnerability is a buffer overflow condition in the LoadImage API. On an unpatched machine, it allows an attacker to infect the system simply by having a user visit a specially coded HTML page. The malicious code resides in cursors or image icons on the malicious Web page or HTML e-mail.
The Searchmeup malware component takes advantage of unpatched Windows PCs to infect the user with any number of different malicious payloads, including Trojans, keyloggers and dialers.
Searchmeup hijacks users’ browsers and changes their default homepages to a search engine that it specifies. The search engine then attempts to coerce users into downloading even more malware without their knowledge.
“The appearance of Searchmeup is a sign of the continuous evolution of malware, and of adware and spyware in particular,” Luis Corrons, director of PandaLabs, said in a statement. “The first stage was that adware reached computers as a component of a freeware application, then Web pages appeared that installed adware on users’ computers using ActiveX. Now they have gone a step further, as Searchmeup exploits a vulnerability that even virus creators had not used until now.”
A Microsoft spokesperson was not available for comment by press time.
As always, users are advised to keep their PCs updated with the latest patches and most up-to-date virus/malware definitions.