Cyber Criminals Exploit Flaw in Microsoft Office Access Database

Cyber criminals are manipulating a bug in the database of Microsoft Office Access to embed illegal software on computers, the United States Computer Emergency Readiness Team (US-CERT) has alerted.

In the middle of December 2007, US-CERT in its cautionary alerted that infected phishing messages are trying to corrupt the computers of clients' who are duped into opening the malevolent files of Microsoft Access Database (MDB).

Opening the malevolent file could let clients to execute arbitrary code without any further contact. The malevolent program could then be exploited to gain illegal access into a client's machine so as to modify or erase data saved on the computer. Besides, these files could be utilized to transfer stored data to some other PC.

Firms normally ban the usage of .mdb files, but hackers could be utilizing it against a firm that is recognized to employ this specific file-type, stated Symantec's Senior Manager for security response, Ben Greenbaum, as reported by PCWorld on December 12, 2007.

Greenbaum said in another statement reported by ChannelWebNETWORK on December 12, 2007, that a hacker has to realize the fact that a firm has to utilize and share .mdb files jointly for a strike to be effective.

Microsoft's representative informed that the .mdb file type is an insecure file. Different Microsoft programs stop clients from opening this kind of file, or alert them prior to opening the file, reported ChannelWebNETWORK on December 12, 2007.

A message on Microsoft's site cautioned that .mdb files take into account the process of script embedding and are just meant for the operation of commands.

The capacity to execute script actions in programs can be an extremely forceful efficiency device that offers users immense flexibility in the way they use Microsoft merchandise to crack real life troubles. Then again, these very tools can be manipulated by a malevolent hacker to breach a client's PC, said the message.

Security researchers state that majority of the firms have systems ready to stop their staff from either transmitting or downloading .mdb files.

As per McAfee Avert Labs' Threat Research Manager, Craig Schmugar's statement to SCMagazineUS on December 13, 2007, the strikes apparently exploit either of the two unfixed Microsoft Jet Database flaws.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 12/26/2007