|
|
|
Hackers Compromise Legit Web Sites to Target Microsoft IE Flaw
By: Brian Prince
2008-12-15
Article Rating:  / 7
There are 1 user comments on this Network Security & Hardware story.
Microsoft reported a significant increase in the number of users infected with malware targeting a vulnerability in Internet Explorer widely reported last week. The flaw affects all supported editions of IE.Hackers have begun compromising Web sites to infect vulnerable computers with malware that exploits a zero-day flaw in Internet Explorer revealed last week.
Microsoft reported a significant increase in the number of infected users over the weekend, and researchers at Trend Micro estimated
about 6,000 sites had been infected. The move is a shift in tactics for
hackers, who had been relying on rogue Web sites to propagate their
malware.
"Based on our stats, since the vulnerability has gone public,
roughly 0.2 percent of users worldwide may have been exposed to
Web sites containing exploits of this latest vulnerability," according
to a posting on the Microsoft Malware Protection Center (MMPC)
blog. "That percentage may seem low, however it still means that a
significant number of users have been affected. The trend for now is
going upwards: we saw an increase of over 50 percent in the
number of reports today compared to yesterday."
So far, the compromised sites have run the gamut, ranging from a
popular search engine in Taiwan now reportedly clean to various
pornography sites.
We recently found a Web site in Hong Kong that serves various
content including adult entertainment, according to the MMPC blog.
Users who hoped to watch that content, became target of those attacks:
specifically, the exploit dropped Trojans that we detect as
Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ.
Other compromised sites included a Chinese sporting goods site with
a traffic rank of close to 7 million. According to Trend
Micro, the site contained HTML code that directed users to a
remote site with malicious script. The final payload is a worm detected
by Trend Micro as WORM_AUTORUN.BSE. Other exploits that also lead to
the worm are HTML_IFRAME.ZM, JS_DLOADER.QGV and HTML_AGENT.CPZZ,
according to Trend.
Obfuscated JavaScript in the HTML Web pages are also detected as
JS_DLOAD.MD, the same malicious script found to exploit the zero-day
vulnerability in IE7, Trend Micros Mayee Corpin wrote on the
companys security blog.
Exploits for the zero-day, which affects all versions of Internet
Explorer (IE), began to proliferate last week shortly after
Microsofts monthly Patch Tuesday release. The vulnerability lies in
the way the browser handles DHTML Data Bindings.
While Microsoft has not issued a
patch, the company has released information on a number of workarounds
to help users protect themselves, including setting the Internet
security zone to High and disabling XML Island functionality.
|
|
�������x}v89�hN;�/ۑȶlkb[�K'ݣHHb"5$KK|/ϸU�xӅ|Iҳqwl��BUP(�~ 'I"nZΈ\̦dw}��轿K$��}��9UQ#�3W)9bP�S4mzΠN@\��}@^cfw��D%x�_'Щ�ѩ�wɘZqP�ɈQߕ>}^~d
w��.hrL�IlG�t�uGѦ�%yH}L��DRNϊ�m@|��ַ0>t@ߩ�V�ANÉ,}!*{�'E%�k4ً�ᐨqG/��Ə;/�!�X]~�ꄽ4-jd`-vu=yͰ
[�a��z.�9�1rz�н[�@M*6��L=iTVE�;&�3ýtf?D���k��N\#Z��ˆ螥{�ɧ5�u�5I
�`�1l{`�2�I%$�7
��.lqO-%0/V`=Ķ|h�)tq�:/r~/7@7nG;s}27 .vQKv �TmO |lM�S�>�I
�uBأz�/˺7�hm�y�a�hjTӪrP�5X;p~�-t}rf��Ne4o_ozRV5MQj�U���u�غs��m)k��Cq>t;'=r:?'��7��;Aڼ�3 N7Rߙ�0QT�&*rp0I2�A�1v,/B�.oVs7-b)ځVP]�F[<,"�J�2~̢J
:�eu}uHutvxn |g9̠V*�PFfЊ%+%�2\uܜ�<_sܴ/;7]rҹ&ǭV�Y;��i
Of�ɗV?�\vO|�_�&6�b
M��u�ô|WVK5IqE�u}Dr,�dwLqֻ8'�<-�-˭�%wܻ��/Rx3o�f5
tA�[&%Gi "���:ur�PsfZ[cW1M�X�r
t$ϙuW��7��hr�
Ce)#p?c݃I��hJq�䰉k>ذ�1�"%�
hJqO{�e��$�}ВEtBAͨO��%ތ��E z%Kuu7peMs4rYY4'*taeAUi3ӛ��ӢKsQ}n�UO�nyڂ)W�C��sEhYf7wI�9QM}sQk��,V�RSW, �F�̶#ؠ)S&�3;Y0`���;}B_�Oi&89~��t$�AG66^�zK
tcl���>#ä �wX0=�c�Og6%_�¤><� V��=H:]6(Z\χ`#˖C&@B뎂9��{�ޚ@�<�Q%ݻ�i`y1�&=��զ�OAC@X�\7 >)�@}�9� �nc@MGs{��D�&�f+Lo>L>hQoĸG6}�ˀ)4+��pPs'�>`|�=-0Xհݙ2|dң{��I8�%/5+8dp7 �P*�ܼ?
b>Ȝ 8C��_gM,������Y�h(d'pC!f4Sy%ew{�{RgaI8F2�b9k%nQ/|K؝P48'')N`�sW|��]Ө5mOӬX��UoE[�1(Ŀ�:R�j'-�H�o`��koռy_x�ui8Hi�-"�rB`}.,�y�6G�h�?4�0��%Ϳ�]�ϞZC>c�+�UVjG,m+Z�rirX,y|-lD0(2n( 鿛R&a+\ڨ
N`O#w
Asm0Hw���]?����<<�f�]?&1V
sXO
Mڒ(1@�/��ŵa�a�{�68e*tҝe|aQ=i-);eSK0'��y+�U�>cC�L�mRM}Bu߲�W�ӧ㎃WKH.Z�YAlX.)�Ui��j"�yd\s˰e0f}4~�A+�p��&��>Bk�wY'Jzq#J�rEu�Xo{��`�Sքc'M}Xt�cyyW��Ni0A ��~H.Lb�V���4>�\Pb�r>+
eT6)5*�IMx�m"P/?�ˇ%Ŵ�谢��Ԙy}R�ː
0gt�ed��-NӅZ�
JL�o=9*�ER�gD+�yW�G�"MO�H�_�㬯?q�O_ozѷzpI
^�>��^Jdw%�eXY81f�-��1o0+E
�/ÊTU�ӕ�~�>V�6ʼnG� =q?@*:2
XZ 0��(E{h0�qD��� �ҀJ
�^�ƙl)ba��J)?�oZ�Y�S�Y�f0`%l*
?ŤD
�LkQ3Gŕ5��
�S�1>L:k}��\WJZP+{>`,��mC[$
zX�È�h{�qņ�Z
1
�0};`[��
+fh�+,s��Jb+�ʹV(EcXyh�jC<ϤM͋pR|5~-�>�q 7poj)ŏ@?�(1K?IuԾhp�-6z_5ރ6�
�`i0~{@(}�7{9gEU}y*]w�I/`�yA�N�p.קK%y皟; ˖u��o= r@pAjO/Y�F�>9:o5ÏO�M1+�0fhR`Q��fjmX#�aLFD�!B".5g��|%�V}Xhr!slP6h4lCꏝ%/�A�֭
Bf�3�bB!|J'��Ô��gԢᬖ^}+
ɏX�#z�Sa��J��f� S쓳Z�;QZ"ı0�k�#O.\<��;�;��WQ
=d�zonW8Z7t]ta|c|w=sF�'5\;�HFCucLNj=095|DלO(|siE1�cx�FM{uS意G�
95�Gy��S:7�vkmd�aSf/ݷ?~vcW};
?8t�Ǡ��R�I1&�$Z^T@**sᔤˮvSǔW>��@X�d1�0d&'zvA�J3`Ȟ�xqK7�bR#�o��Q.=]bwQ;ݝ{ŞwYiIe�K\�-"PnGZ�|>W%0.ց4�
2�UCnC_�*Z1iE0pD�a�%$\}5 ߈;6bE�#Ɠt�Mi|o(o&xk6�)
kN7&/6o)�.��i{\na��'x�{7d\ڊ�]�aKn~�Ɩv/w��N,�Viug�.jG��׳
5yW,aq� []�Ѣ�Ef0�A�uXv@n`WIB$1Q!'E83��+7ҝ(WU��.
Սne�Q`0{?Y&Jȏ2Oϲ�Zf]-U���E/Y_n:/AJ5'?=��HA�"VS����FNmwq�Q9��W�%-q])ᙦz
iMt+Mk�h'eK1��Y#깃,շ;~'[�S|W7P�; ��x�>91qU�qѝF�sڑ9/;�3 .�1qQ�s0,�M']2�$fkk'C~�0n!/,�|K=wjB[�e�xt�9]�NS^�>vc"QQl���ގb�mEKjh'�!YP1(�~MdjB�wĆe�d�KO8,a�E��R�a��k5N���B@yݭا&V7eO|c`�B fRh�C+{+,]Pb+jdpU� �HK��Yx���fx�Ri<�)k�ٵ.1&��;I)*RX_:�TBXlĢ�( w"L~P�[ȉ��˛[팽&ʕ��`&Fj=LaK=s;��wwe�^,���fJ�Sǚо̤�|z5
bC|1'�˦+&R4<@jb9mt��1OM\�bi^O�{��L,��U{}oX�m^P;ƃuo-*ƹrMC�>���H�p�a�!g~�olcʯ2,�OM�i#J\SqQ㳉�owu\�=�[.ɢ�r/6/ů(6:0�ƚ
+=Mab,ua p'Ʒ̽:o,.{f
/�ٳ;r҃V6�cW6�_,a�_gË^5wCe(5�`Nu*H}K�\ 7{u/ٕ[=s���07lއ��|�l��
!۩)ԍ�m��l�(I#Y�ۀچձ�LM(ʘU_��UVe=:qBβY,�eeXcgX�6�dfphV�_fX*l%I"q0M_{�),℉fni�Ϲ�%3_� I4�p��D2X��ȓ� ztowwv]g�)5�ε7
�5x�B)V8E�R*96i[>Kӗ��4>(C^PB^]��M=1I�9�꒚|M=m @�x�~�OZ�} �O��]�c)I�%ˋ�}{��AE!Lj�ϵ)h#8iLʃz�^@=x�9sj4�1�!�ގ�r>&ƘKjxWVQjr~zzɟZbiE�.c
2�[�S!1c⭼TA9-�)�j"2+
�jD��-~0Ë״�|^Sh_�w?)fFmz^C �`5�`vX5nZ�Vںq� yK-y�-�J4sc56�غsl7%r��(OEG8aEcә#�A��lMᗚk2烔K�p-Cף6:�̽OdFMĀ"m搯�*e9
JI-���sW5Up�_"\k�oBF|z`�g`z9Ed#u��sg
楒V,T)[g?NGp�]X2#=kB�%.`|\I>HP*$7�Zz/[ʓs}�X�a>8>()[�o�zpWӸ;K�"XL�! DjGF/:K{IF^YA�5X.dD}юMUbtM-R^@υb8�3B;s�^�?�busι\`{�䬼4�Yqc[RJBYIc;7s":;M��f�HtGw,}�@8�(c=сHSjX:N__J }#VQ�^߈�fZh#nO5q=5Y�"XbR`Mh9!MFV(phs�1�iL(Z�xD!1
\�TbЍ�B1˪M;InP}wY?e=`
�'�2u/x{q�B
�=Hl~'�&}}*틨4�;-�ϮⶭM�"Jt�Mx77�+�
SxhC�7�)({ʞޒ�i?<] ��Pmļϴ@BSx�&�wGd.$!��q�r5D;doX��{+$̽O��g-�<�SWld""@Ո��^�_�b߁�srٺ鞷zu�=<��`l(ytg-d=�~Gv72B(4x`H�#�x�l��t�pa�@��-=�qe]LPªC^����M�
l�� \Z��s4�pD_ozeW)�LLn_fa@�p=Sq�-�1Șh
MQ ҖHxD�vtV8!"�&L�m�a��ng
=wBp���bZ!Ř!�&"��c36#&|&l�Gl/u���,#�;+&(?q
E�
�{GLƙ;fQ�s߾�3g t�R" tQ:..�(�� o�I�[Pk,(ω�B53t�SJTmn$|�s�77\�p�>�"(S[��]ă0T]AP�/:�ށA&Vy�p͒wy�6t0^Q=1e&��|�`�[7'��ΥiDZ\?& .ycI�� 8�^yN4X+L-�7,X��2|��
=܇>RXX_1[��> MꪂOJ�BveX
&zđxKwy}8fYU�;q VH:+�^@0��3�:%��_�Ч�6#&Xwn`9�ͫOsM"�ݣUݹ$
�v¶-�r5�u�v?�u>/[W^qb�=vO5mKLJrdeAN.�-f(�D3\h�^Epɂw�ᝧ%;顱8?�/�ԥ;O|;_C)Qe3ʋ, QW~4ab_Q)o��_]-Zq
ƫ�x]53;ژ8Ӧk𖬰uR��\js���@1@C|mzs5Bx_m�;g�埡sF5_.?j�63;P(GN.?���2ʏhu $>ӌ~�ڹY{uy8h�gC�CL2�nQ ?.?��/�/2��Y���\d��"?/?/2�e2�ˏP1�2�(r�ˌ�̐K�ˌ@;�d�N~�+x*k���7��_/z.�!>BǬrc�~�~�3w�7Y7�{�d�wɹN2!(ofY
�NoT�8�\0_Je�YW@a uyQ^�}VV<_`dk�W�t.�rg_�u3��̭Lqr]!,.5P�UZk�/YYFޕcn%:@b}a/ �c|e$2/M*C>#(48%Y}MNJ�4tk 7b[y�$=)>w�槤I��x崝#&JRo-7cENj9.~QJxd\$h{U2�6#�{"dj�=b>/�yd֪WVF�Kp'k͠?~�%kS$_'OxVfw<^R-up�{N> a"q0q?K+_yl�x$Qh/I'�;-�vK`b?94Ǟ"�>}T.q
�sE�yב�y,&Jh݄wj-P%�n2!%?t�zC�ʨn�Y��"s
k!:+2=ju"趯�beL[�W�^{�#�D3dư�z<�ۃ12�<`oȢsL��ALH\>oz^Dl��t�Άb'/QbNm�%� 1o)�%*�ojv[��R�,���`+/2^�;'��g��H2Gd!᳤c�*5�S�2m)yG�ir�};�[�|AӤd/+2b%��#�HYUҎ@B&�PɕX�)u�n'|oW|D�,[�kS\6LDR��}B�0~Nڽm�v0@9DyPމ!/[v2'R*4%NS��xcE�z��?_X ��cwH�V&˃0S�u ѫ�v��>cx GL�o��C2z�lx$_Oxƪ~Saxr=&Ӓ�|�eKo��xך�3Y W�96s--����`⎈Me�6eRDR�*El'f
,��� ~sf㟏[�(@P��9���BuY^|:ym.�E�Ofu�ݎæmx�8< ׁ]"�b�!CNҶ\)V�bʅ.-S�ܟ=Bka��҅fHE/�k,^��zX�ٽbaqS`�-hup#b
��0.<�P0��_A^:?c9Vqٶ�7G,cհ�Qa[:�6W�n
ۊU�y˷XL\7'nRa=t�+��s�`:igNb�+c��gb@xϖ��έ{~k�C'>��:ˇd�g)C2^#s!�YX&�7ę�/O C�WѰ0�L;,lqE�G%��RRNCb
�0F �#:e�brYMz�
cJ\g��ۂ�~�Ӎ+G�S<"Y4.G"�@x�|lw6�++�Ȁ7H>Y;D,5R;tP�9ɓz��0��
�_\&tصa=�$�gꎾ�V�;~v��?;?ˌ�hT*.㉋oZӳy:�?�[7nyau�VQ�)Z�N� $RzWi"^ֳ/�
6A|>Ðy6��x�L�
_eUU�A$摭7yM1�uc*�.yaT셳Qbmئd�Ti2�9?R{) qɭ4>�!an)nǝl| �n%96L]_�[�
P�<�*��
|
Network Security & Hardware 
