The Bat! users: safe from yet another Outlook vulnerability

New reports on Microsoft Outlook vulnerability came on January, 15. BitDefender reports the unsolicited message directs users to apply a new set of settings to their mailboxes to update several ‘security upgrades’ that have been applied. The link in the email leads towards a Web page with Microsoft Office logos and instructs users to download and launch an executable file that will supposedly update their email settings.

Instead, they receive a potent malware cocktail, including Trojan.SWF.Dropper.E, a generic detection name for a family of Trojans sharing similar behavior. They are Flash files, which usually do not display any relevant images/animations, but drop and execute various malware files (by exploiting Adobe Shockwave Flash vulnerability). The dropped files may be subject to change and different variants can drop and execute different malware programs.

Moreover, there's a new vulnerability detected in Internet Explorer. The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. One of the mitigating factors is the possibility to be attacked if clicking a link contained in a message received via Microsoft Outlook.

By tradition, RITLabs reminds its clients that The Bat! benefits of a great variety of its own mechanisms of email processing. Thus, link processing mechanism essentially differs from the one used by Microsoft Outlook. Therefore, The Bat! users should not be afraid that this problem affects them.

To find out more about this vulnerabilities click or