Everyone pretty much considers malware as some program/code that does harm to one’s computer. That’s only part of it with this new type of malware discovered by Symantec. This server is actually able to analyze which web browser you are using, and then upon identifying that, it will launch exploits specifically targeted towards that browser. With malware now having reconnaissance capabilities, it is all the more important to keep everything you have on your computer updated.

Virus hunters at Symantec have stumbled upon a malicious server using an attack framework that intelligently chooses exploits based on the client’s browser.

This is the first sign of the type of reconnaissance attacks predicted by by white hat researchers (See: Do you know what’s leaking out of your browser?) and signals a new level of sophistication in the exploit packs powering drive-by malware downloads.

Symantec virus analyst Darren Kemp said the malicious server (which is currently up and running) was discovered by one of the company’s DeepSight Honeypot. The server is hosting exploits for several several high-profile vulnerabilities, including the Windows animated cursor (.ani) flaw patched by Microsoft earlier this year.

Here’s the blow-by-blow of the attack:

> Upon connecting to the malicious site, an immediate attempt is made to exploit the moldy old MDAC RDS.Dataspace ActiveX control vulnerability.[more]

Tags: Malware