Hackers exploit latest IE zero-day with drive-by attacks
- 11 March, 2010 06:26
Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.
"This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out," said Craig Schmugar, a threat researcher at McAfee, in a blog post today.
Attacks are launched from Web sites in a classic drive-by fashion, said Schmugar and others. "Visiting the page is enough to get infected," Schmugar said.
Symantec also confirmed that it has spotted in-the-wild attacks exploiting the critical vulnerability in IE6 and IE7 that Microsoft acknowledged yesterday. "We're still seeing just limited attacks," said Ben Greenbaum, a senior research manager with Symantec's security response team. "The exploit is carried out simply by visiting a Web page hosting the vulnerability," he continued. "When the browser opens the page, the exploit causes the user's computer to download and execute another piece of malware."
Most of the malware downloaded and installed on the victimized PC consists of backdoors that let hackers install and run even more attack code. Among the malware is a .dll that's injected into IE to provide additional remote access to the machine, Schmugar said.
"It started out as limited and targeted, but now, with the drive-by attacks, it's no longer only a targeted attack," said Schmugar in an interview today.
Tuesday, Microsoft warned users of IE6 and IE7 that attackers were using an unpatched vulnerability in their browsers, but as is its practice, did not publish technical details of the bug.
Nor did Microsoft spell out a patching timetable, or promise that it would issue a fix before the next scheduled Patch Tuesday on April 13. Instead, it recommended that users modify access to the "iepeers.dll," disable scripting, and/or enable DEP (data execution prevention).
According to Vupen Security, the bug is a "use-after-free" memory error in how iepeers.dll handles certain data. "Use-after-free" refers to an attempt to reuse memory space after it has been freed, said Andrew Storms, director of security operations at nCircle Network Security, in an instant message interview.
Neither Symantec nor McAfee has yet found evidence that the attack code has been widely distributed via hacker forums or posted more prominently on the Internet. When that happens, Schmugar said he expects attacks to quickly increase.
Microsoft may be forced to react with an emergency update if that happens, Greenbaum said. "It's possible Microsoft may consider an out-of-band patch for this issue," he said.
Symantec notified Microsoft of its discovery of the drive-by attacks a few hours before the latter issued its advisory, Greenbaum said. "The timeline, however, makes us think that they already knew about the issue and were planning on posting the advisory very soon anyway," he said.
Both Symantec and McAfee have created and distributed signatures that detect and block the installation of the malware that the drive-by exploit tries to inject into PCs.
Tuesday's advisory was the second in the last 60 days from Microsoft warning of ongoing attacks against an unpatched IE vulnerability. In mid-January, Microsoft said that a flaw in its browser had been used to attack several companies' networks, including Google's and Adobe's. Microsoft patched that vulnerability, and seven others, later in the month when it shipped an out-of-band update.
Users who are able to can also upgrade Internet Explorer to IE8, which does not contain the bug and so is immune from attack.