Security researcher Mary Landesman said the attack appears to be a work-in-progress focusing on:
- Integer overflow vulnerability in Adobe Flash Player, described in CVE-2007-0071
- MDAC ADODB.Connection ActiveX vulnerability described in MS07-009
- Microsoft Office Web Components vulnerabilities described in MS09-043
- Microsoft video ActiveX vulnerability described in MS09-032
- Internet Explorer Uninitialized Memory Corruption Vulnerability – MS09-002
Successful exploit leads to the silent installation of Backdoor.Win32.Buzus.croo.
The Buzus family of trojans are typically engaged in credit card and other banking related theft.
http://blog.scansafe.com/journal/2009/12/9/318x-sql-injection-claims-125000.html
