The vulnerability, tracked as CVE-2010-1885, lies in the Windows Help and Support Centre and was identified on June 5 by a Google engineer. He then released details about the problem on June 9, before Microsoft’s official announcement on June 10, creating tensions between the two companies.
Microsoft claimed the Google employee did not give it enough time to tackle the problem, while the Google engineer said Microsoft would not confirm that it would solve the problem within 60 days, which led him to make the whole palaver public. The engineer also found the 17-year-old Windows kernel vulnerability back in January.
Since then, and particularly since June 15, when the first exploits using the vulnerability were observed by Microsoft, over 10,000 different computers have been attacked, some of them multiple times. In the last week the numbers have been growing sharply, forcing Microsoft to issue this latest announcement.
Microsoft identified that most of the attacks occurred in the United States, Russia, Portugal, Germany, and Brazil.
The attacks began to use seemingly automated, randomly generated HTML and PHP pages which hosted the exploit. The attacks first downloaded Obitel, a malware program that focuses on downloading other malware.
Recently Microsoft has detected a number of other infections that came as a result of the exploit, including TrojanDownloader:JS/Adodb.F, TrojanDownloader:JS/Adodb.G, Trojan:Win32/Swrort.A, TrojanDownloader:Win32/Obitel.gen!A, Spammer:Win32/Tedroo.AB, Trojan:Win32/Oficla.M, TrojanSpy:Win32/Neetro.A, and Virus:JS/Decdec.A.
Microsoft has urged XP users to consider the countermeasures it posted in the Microsoft Security Advisory (2219475).