Microsoft Zero Day Exploited ItW
Beginning July 5th, several compromised high-profile Chinese websites began delivering exploit code targeting a zero-day vulnerability in Microsoft DirectX. The vulnerability resides in quartz.dll, a dynamic link library used by DirectShow, a component of Microsoft DirectX versions 7.x through 9.0c (found on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2). For details on the specific vulnerability, see CVE-2009-1537.
A successful exploit results in the installation of a backdoor trojan dropper. The malware domains involved in the attacks are 3b3.org and vip762.3322.org.
Though this particular attack currently appears to be confined to China, the active in-the-wild exploitation of a zero-day vulnerability in a widely used application is cause for concern. If history is any indication, other attackers can be expected to begin using this zero-day exploit in other parts of the world soon.

Mary Landesman