Microsoft Help Center Zero-Day Exploits Loose

Heads-up for users still running Windows XP: The unpatched Help Center flaw revealed last week is now out in the wild and being used to launch malware attacks against target users.
This new zero-day exploit takes advantage of the vulnerability that exists in the Microsoft Windows Help Center, a default Microsoft application that allows users to access online documentation for Windows. This vulnerability could allow remote code execution if a user views a malicious website.
Based on the analysis of TrendLabsSM threat analyst Joseph Cepe, there are two ways in which a user can get infected as shown below.

The first method yields a prompt, which when clicked, redirects users to a compromised website that downloads a malicious JavaScript file. In this case, the compromised page is detected as TROJ_HCPEXP.A while the malicious script is detected as JS_HCPDL.A. This then downloads another file detected as TROJ_DROPPR.TEJ. This last malicious file drops multiple downloaders onto the affected system. In turn, these download a wide variety of malware onto affected systems (including, unsurprisingly, FAKEAV malware.)
The second method uses a more stealthy approach wherein the malware automatically performs the download without prompting the users to click anything. It instead runs Windows Media Player and automatically downloads a malicious Advanced Stream Redirector (.ASX) file, simple.asx. This .ASX file contains a (continue reading...)