Zero-Day IE Attacks Spotted in Wild

 
 
By Ryan Naraine  |  Posted 2006-09-18 Email Print this article Print
 
 
 
 
 
 
 

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's dominant Web browser.

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsofts Internet Explorer browser.

The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets.
eWEEK has confirmed the flaw—and zero-day attacks—and on a fully patched version of Windows XP SP2 running IE 6.0.

There are at least three different sites hosting the malicious executables, which are being served up on a rotational basis.

According to Eric Sites, vice president of research and development at Florida-based Sunbelt Software, the vulnerability is a buffer overflow in the way the worlds most widely used browser handles VML (Vector Markup Language) code.

The attack is linked to the WebAttacker, a do-it-yourself malware installation toolkit that is sold at multiple underground Web sites.
"Once you click on the site, the exploit opens an MS-DOS box and starts installing spyware," Sites said.

He said the exploit can be mitigated by turning off JavaScript in the browser.

The MSRC (Microsoft Security Response Center) has been notified and is investigating, Sites said.

Officials at the Redmond, Wash., software maker could not be reached for comment.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel