CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 4th, 2010

Zero-Day Internet Explorer Vulnerability Exploited In Targeted Email Attacks

Symantec warns that a 0-day vulnerability affecting stable versions of Internet Explorer is being exploited in a sophisticated attack that targets key people in various organizations.

The attack begins with fake emails posing as hotel reservation notifications. “About the hotel room, please take the attached list for booking [link],” part of the rogue messages read.

The link directs recipients to a page hosted on a compromised but legitimate website, which checks their operating system and browser version.

Only users running Windows XP and Internet Explorer 6 or 7 get redirected to the exploits. Others are sent to a blank page.

Successful exploitation results in a trojan being installed on the computer. The malware registers itself as a service called “NetWare Workstation” and opens a backdoor.

It reports back to the attackers and downloads encrypted files with commands from a compromised server in Poland.

“Looking at the log files from this exploited server we know that the malware author had targeted more than a few organizations,” Symantec researchers revealed.

“The files on this server had been accessed by people in lots of organizations in multiple industries across the globe,” they added.

Microsoft has confirmed the existence of the vulnerability and has published a security advisory with mitigation instructions.

“Impacted versions include Internet Explorer 6, 7 and 8, although our ongoing investigation confirms that default installations of Internet Explorer 8 are unlikely to be exploited by this issue.

“This is due to the defense in depth protections offered from Data Execution Prevention (DEP), which is enabled by default in Internet Explorer 8 on all supported Windows platforms,” Jerry Bryant, manager of response communications at Microsoft, explained.

Internet Explorer 9 Beta is not vulnerable, and the company has since released a Fix It tool to help users apply the workaround until a permanent patch becomes available.

Credit: Softpedia.com News
