Microsoft reported a significant increase in the number of users infected with malware targeting a vulnerability in Internet Explorer widely reported last week. The flaw affects all supported editions of IE.
Hackers have begun compromising Web sites to infect vulnerable computers with malware that exploits a zero-day flaw in Internet Explorer revealed last week.
Microsoft reported a significant increase in the number of infected users over the weekend, and researchers at Trend Micro estimated
about 6,000 sites had been infected. The move is a shift in tactics for
hackers, who had been relying on rogue Web sites to propagate their
"Based on our stats, since the vulnerability has gone public,
roughly 0.2 percent of users worldwide may have been exposed to
Web sites containing exploits of this latest vulnerability," according
to a posting on the Microsoft Malware Protection Center (MMPC)
blog. "That percentage may seem low, however it still means that a
significant number of users have been affected. The trend for now is
going upwards: we saw an increase of over 50 percent in the
number of reports today compared to yesterday."
So far, the compromised sites have run the gamut, ranging from a
popular search engine in Taiwan - now reportedly clean - to various
"We recently found a Web site in Hong Kong that serves various
content including adult entertainment," according to the MMPC blog.
"Users who hoped to watch that content, became target of those attacks:
specifically, the exploit dropped Trojans that we detect as
Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ."
Other compromised sites included a Chinese sporting goods site with
a traffic rank of close to 7 million. According to Trend
Micro, the site contained HTML code that directed users to a
remote site with malicious script. The final payload is a worm detected
by Trend Micro as WORM_AUTORUN.BSE. Other exploits that also lead to
the worm are HTML_IFRAME.ZM, JS_DLOADER.QGV and HTML_AGENT.CPZZ,
according to Trend.
JS_DLOAD.MD, the same malicious script found to exploit the zero-day
vulnerability in IE7," Trend Micro's Mayee Corpin wrote on the
company's security blog.
Exploits for the zero-day, which affects all versions of Internet
Explorer (IE), began to proliferate last week shortly after
Microsoft's monthly Patch Tuesday release. The vulnerability lies in
the way the browser handles DHTML Data Bindings.
While Microsoft has not issued a
patch, the company has released information on a number of workarounds
to help users protect themselves, including setting the Internet
security zone to -High' and disabling XML Island functionality.