The attacks involverigged with multiple exploits, Symantec said in a security alert. The sites appear to be that of a trusted financial institution, but instead attempt to silently install keystroke-logging software, according to Symantec. Links to the sites are likely advertised in spam, it said.
Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.
"This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."
In addition to theand WinZip flaws, the miscreants tried to breach the Symantec system via a pair of holes in Microsoft software, Symantec said. are available. Symantec's compromised machine was not patched, running Windows XP with Service Pack 1.
Online criminals typically use ain an attempt to break into a computer. There are even toolkits available to with a few mouse clicks.
"This discovery highlights both the importance of having a prompt patching schedule and the fact that attackers are keeping up with the times and constantly updating their attack strategies to help ensure ongoing success," Symantec said.