The attack begins with a malicious .doc file downloaded from email
Security firm Trend Micro has pointed out that a serious Internet Explorer 7 flaw is being attacked even after Microsoft patched it last week. The attacks seem to be aimed at specific targets but have the potential to grow. According to the Trend Micro Blog entry, the attack begins with a malicious .doc file downloaded from email. When the file is opened, the malicious code 'XML_DLOADR.A' executes an ActiveX object, which downloads and installs a remote backdoor .dll (dynamic link library) file.
This backdoor .dll is capable of stealing information, and another malicious script sends screenshots of the infected system to a remote location through port 443. A system infected with this backdoor .dll file lets anybody run commands on it and possibly turn it into a zombie or part of a botnet for further attacks. Microsoft had released a critical security patch, MS09-002, for the bug in IE7. This patch fixed the errors seen when deleted objects (files) were being looked for.
Our suggestion would be to update your security software with the latest virus database, and to download and install the latest security patches.