MS Access Vulnerability Being Used to Infect Computers

A new vulnerability in Microsoft Access has been discovered by PandaLabs. This is a similar security problem to the one discovered a few months back, categorized as CVE-2007-6026. The newly discovered flaw also affects the msjet40.dll library, at a different point.

The problem is exacerbated by the fact that cyber criminals are already actively using this security hole to install malware silently on computers. Specifically, it is being used to distribute the dangerous Keylogger.DB Trojan, designed to steal confidential data by logging users' keystrokes.

This security hole is exploited through maliciously-crafted Access files (.mdb), embedded with malicious code.

According to Luis Corrons, technical director of PandaLabs, "Whenever a vulnerability of this type appears, cyber-crooks will try to take full advantage of it. We can therefore expect to see more malicious Access files in circulation that contain not only this Trojan, but also other types of threats."

To avoid falling victim to this security problem, users are advised not to open suspicious files received or downloaded from the Internet, and to keep their security solutions up-to-date, especially since there is currently no patch available to resolve this vulnerability.