PandaLabs discovers vulnerability in Access used to infect computers

PandaLabs, Panda Security’s malware detection and analysis laboratory, has discovered a new vulnerability in Microsoft Access. This is a similar security problem to the one discovered a few months back, categorized as CVE-2007-6026. The newly discovered flaw also affects the msjet40.dll library, albeit at a different point.

The problem is exacerbated by the fact that cyber criminals are already actively using this security hole to install malware silently on computers. Specifically, PandaLabs has detected that it is being used to distribute the dangerous Keylogger.DB trojan, designed to steal confidential data by logging users’ keystrokes.

This security hole is exploited through maliciously-crafted Access files(.mdb), embedded with malicious code.

According to Luis Corrons, technical director of PandaLabs: “Whenever a vulnerability of this type appears, cyber-crooks will try to take full advantage of it. We can therefore expect to see more malicious Access files in circulation that contain not only this trojan, but also other types of threats”.

To avoid falling victim to this security problem, PandaLabs advises users not to open suspicious files received or downloaded from the Internet, and to keep their security solutions up-to-date, especially since there is currently no patch available to resolve this vulnerability.