|
|
|
Zero-Day IE Attacks Spotted in Wild
By: Ryan Naraine
2006-09-18
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's dominant Web browser.Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsofts Internet Explorer browser.
The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets.
eWEEK has confirmed the flaw—and zero-day attacks—and on a fully patched version of Windows XP SP2 running IE 6.0.
There are at least three different sites hosting the malicious executables, which are being served up on a rotational basis.
According to Eric Sites, vice president of research and development at Florida-based Sunbelt Software, the vulnerability is a buffer overflow in the way the worlds most widely used browser handles VML (Vector Markup Language) code.
The attack is linked to the WebAttacker, a do-it-yourself malware installation toolkit that is sold at multiple underground Web sites.
"Once you click on the site, the exploit opens an MS-DOS box and starts installing spyware," Sites said.
He said the exploit can be mitigated by turning off JavaScript in the browser.
The MSRC (Microsoft Security Response Center) has been notified and is investigating, Sites said.
Officials at the Redmond, Wash., software maker could not be reached for comment.
 Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}r8s;�>Ӯc"u]Rl˶lcS��HHb"9$e[;?q^NO7n&�t$_D�;;?!�P`�S
�s�ѩe�軫�F]̑]�k����kHA�შ���:#:@�.�Ss4�j9��뻲9Fԗoˏne0��-ZAa6)V�N�0�,Z P8 �P.�{@~.�
Du�XqH��Շ�H;�*�'�x8Ѽi/DaO��TH�M"p8$J�>vn=�2`q�|!��`T黖6; �AU�VekV}l�v�y!rs�#�gKͻ�Hݠ匜o(Gd`jI:4G�"04Ԙ����2R!p���`p*�)ZP�tGL#fK>!P:x ]3~bA2xFaqHo*! lpq#��'C�\t^䖡�_ֽkYo@ׁߍ�Au�ӱCأz�r ˚7)hewy�n�J
bT/�_+����6�2飉Sug^o~ڽ(T�U-�/W� �?
?4�h;XAr�yMS>�eUs��i^�YHMD߀"0QYTI|/�Z@
��͖P��.kQҋZ[�jA=T�dڡ�f1Sd�XIC/Y�rn�NgsKiw[:>?iN}d9̠T
PAfPKe+%�ԩ\uܞ>_sܶN:]rڹ!'V�Y3��a
O�ɷV�Cp5��'^=v��>N,rO=����j�iT%%+2O'ޗ���1I|[< y��47Q[h,r$�bFrF~DX
,>JAͼ��94��o��fo �NE �-�uj�f%*5V z�[�S� G/<@#�L1p3Z&9T2��36 @�
L�Na�
8�V83��4Cuөݰ�=��W�ԇ9[ϩ`�Ik�E�6]�LRmd;>t)�HhS0<�xw0ܛ[�衟�#]ҽ[:���?�a#0.Z-{����Be^~�m
¢�8�ѵO�>ȁ{4'`sDokii����1).�%�2Rs�}"@�X�mF�t�"AђF��*�4� �gs#X"C"'G3`[XOw$]KI+\fD8�˛nO�u$]8#ˏ�ڹLX.QY,p[/ �͙JRdYe Q="`&�Qea*0pLKa�k`F\JQ-DzMCA��Iq\�9R/���Q=�8�dS7mrH�z�:Ճ)`|�=�0XU2r|=sH�$з^s_o2E- �X.�ܼ?
b>Ȝ 8C��_gM,������Y�O�:�Q OjBnihJʅeIY쩅*TR%��
L�qO).EcgBl㜜3F]s;tO{'ORb-xhV+�m�H_Ơ\�?�u�rqO,�H�o`��koռy_x�ei8Hy�-"�rB`}..�y�6GgQ4�ӋlJ
C=쳧ФmX
rQ�G,-3VV�jPU+RY;wl�� �ʸS�Iݐ6 [IFtp
|�;.�MKϱ("]�=r;�6O8�
61�8zy4!%6$�?& V
sXO
U)꒩(zq�X0b=��ћ�8]%�5f/,{��ikqMّRBj�d>i�'�[ar�S��hfh:4-�5[E3Os��)]&ٰR.��%,I�6�D�ȸau-`by��:R?؊ 7ܕV�����R�53]։30-Rjz9Ȣ\Qۀ+B`�Sքc'M}XtcykyW��h0@ ��~H.Lb�V���46�\,0�|*W*Uˈ`n�+V/(��% 7]@�.�&D��~?DNR}K=.C+DÜU^ofO�8�O�ZV,֪19P+R�js��S??]e��t4R�;!p��^9Z1;�|b
,`�� |���J<6}�˰"U
}f�|JZYXIb+�ģ�Y��V�
2h:p`{��y�~�t=G�h�x�Z��`�i@%�
p�LU}+Rq��)?�oZ�iP�Y�f0`�5-*�JIe��(����QGSGŵR�z��Wݮ�Cfu>L:k}��\W
ZQa߯i+^�t
m(5#c
�#2��pg��rh)'j*W�vjϷ�h#�WMY[ў#WX�
tV ЛiQvoV �ՆgyϤMpR|=���^7'Z]EnMsE)y�F��oES�=JӀTɭ6N<�D�s?n206E�m/POG]Qr�/19��|փ�t8ߙ]ߧ`L'vѯk`j�d��W'&#�?+�-m۠|e�2uMtn1�b%[[2|'@�d��k�Ѫ�93
�NQFg�`�W+Y3'Gu"�M."9&́08h} 2"07��$pk�Vg\T`uրDj9~�9HÞ1L}M��}Yz>qGcimmSQ
}�<�h)3$KLfЮ%�H�zVoLspI�e>��2Q&Ob
8Z��Kj�p9Ԃ�u^PS*zWқMO`�@n棨�|rGfP�HrX#7*�iu[=$c��e�T'MFbZ*BBgQ�!W�[-�2B�0VJ3ڛ5^@�M|GOT0u%hzGSqza\/;�n/$h ^�1M�u0@M\6{%]M茻h^ �L#Ԛe$q`U\&LX�5 �Z�LT!wOLIjVڳ$|p`푑���F�t"qT"NV\zF_kɾ,49Aϐa6J4�c!Βa�֭�̚�f?ĄB?jN�y0�P(�
�� c@JA=�o8iw/_i%$C�(�
�`I/)�(+RJ)"4FYM |�NZǝ&g
<�>G&9/HUɉmmlER�}Cx�GM>xuS意G�
ڽ9�k3re}ߨ�{25Kxܕv{vOsn<�]1ngvlL'#I"+W;Uw7}\8%+�r;ѩc+N� c,n�%�P2�^;pO c�é}dO�\ϫ���@< bY_��IKwvzYV��N
Ȣwi=63�CA!{��ze�G.}Xs? 4h�g�`zc{ƹ=39a
dOB%��euw#�S�'gSc3/H�F#%o&OSϱ�mF�@|Ր���
;as*|�b��\<�E�+&�qFL=�9b�<�"s�(ı��߂Kd�[:�LgF�MM�
y6u4JI)�~a.z_:�8Yz9+ֻD
]X0XRr>�p�+Sah�[��6
BD>jԧ�ӆes&Gcǣ|}پ��i�<�zY�9{@;�;al퐲S$�?opE)lY�c���ۿq&ș1�K����S�Z X@>&NU
{P>Nr19pa6HȂҪ���Azb�ՄKL@-�rV
''���+MX'h(�Ą~�o36dG$X���~@27'EnϐS1Oyj���iB�h�ښnvKj, 1���H� � �H� �42*[s L 0�(�f{{
)l4�a18;5�ER�gZ1��vU_],34@^�o�F�ߤ�֗�UX,W7bQ�@ex�U�o+"'nN�^ڞߔʦV|q~3{��_q΄�.zc���p��?w,m����� �(�@I�� зtO'MHgPwb<)�^��'u�oF28l�e"y[�ZjL�+�__||` Br��KI-5�4:Xs�KEdR �^8#0�f;y1k+!*�+
i%bVsNby~Eڱ��k4j@|kRwn3!'3t�ve�M�I݀��!ݘKJZ.
)�h�a�.IG�`a]Fer<֢mtw$�P�7+BO{����Ik�W��hr�/N�m8/��̍c�JT%Ӧ|�~[Fc_/ O-XB[U<2~ء5��Y/�b\+l��k|7w@�bl
UՉ&V+~��"x01�D�!4ĺ%WَuB�O!@ /}7OR"+\zRkZΌR��"($-U4c:HMuG);i�4�GP5I�̕%A=Vz�j%ԞIƳA>S#�5��p쌚t#?7ĩ6[sVc`�5V�d3IYf貁(n]
ڟ�b{�HD�~��2%*u\Ͳm�o�xc�_|]yܿM��aoeNMoU
Q)=6[wvJ}yx嵙JJ�~P7}Aͽ?V4G�
nX�[`8,?ϋ��Os]�@VE]6bĹ�/g4��cgGO{M
a߃�[�yG�¡YIj|ubE"$486o uD �2~�J�+<�h`
�>WӴ��,'k�WAv|woױw-\�p�xW��%ekg?}b�闺Q0ȣŹ�.e^��˓��4>�RP�y!�Fv ;�Kb+{�cߍ&ƘKjxZ-+%�>%sZk�^�Yr+ȈZal�\!1cnTA9=�Qj�5~SH�*Z!Ѥ!v�[bTy
|rms|YM13bmC��y�m�+=�j=!vúv̈́WN|�W@O[jkwhDPU�+�l�Ջ[�需c~�mQDOa)�oc,{�wy��G�2C�`m
4,\��!�\πTn��\I�hMV_|yz˛��j$56]v9�XȍJ.>Ksħ�'��'}sYXO:Rga^1`^.b¼y4
D�jxc;�0YV飏ji+�1 M�?=�{i�g��X�a>>(�-^a̷Uqhki\SK%aJd�'��$'th&v�btM-SL@w~j�4Z�Mϱ{
cDK:��c�S\YrVfGh
}C6Ŷ(Մlk�s!Ή04%n�c�茜kf�MP�q�unj8G*%_]E�F�0ǘ6Z
X#Xrt1І]1�$|ɈVs
%��M?�OeBz{F����S�O L5&�H!4�՟.'���aI�v/?VH
��[u
Y�ֺ>_E�_�t�Id�Z{Gt�Mx�$7�+�
8U%\��
��{Ꞣ'nӨt�}A6�ڈy�빟i�$�Y04��7Fd.$<~Up�R�;"NE!,˅|z['Ae}�H?Km1+62s��jD�l�3x�:jn[��jv/Z^릋��V�<3E}m"���n�D���Kug*AhǛ1�,t@�!'vQ]Q
s�={P{0u�S�x)s!aZ;XF�9ܐ&9iHQ}kwex��Zҷp+ts9rܹrھj]ߴzƩL �_�mi |Q);MFY�ybvʔPNG#ͅfU�,x��j�E�^/J��M�;�ٓ(k.PJTٌ/!�bTթ4�W?y
''7nWͦV\k!h?gg:^_M�;FSꁠMXa`1D�*'M&7�b�Qۺh�H窕k&5+ۼ�v(��3ʿB�(Y]~�NmfwQ[]~�48ie�CSi�}Πg�?�VsI>(3UF9\c7�Y]~�/2_g�s _f /�}/3{ ̠%%e�^�^f'U�WsF9g
Q~ �0W�{�s!?W0~W�ׁw2�?�/�r
q�u7?7���w�n�=^��X] S�}Y�>�>g�oʁo3�ڿh�6s$eCP̐5.N�p2˹Q�+/ޯVD=՞bM�dGE⬏G\%_�Ⱦ6qu=oFD1�K�AB0_w��ݣ6}����oLҧ~�<ĊrnOArtDw�[MAw)[W�/:)7.q{Z��ڎvڝGfzuieDd;�w6�oCdrŴ��}�=G]�-xLԸ9GpoQV"
#�<5 lar:z�Vjf�z:t}aO��vHyѿnC{:�'K�u}�NoNDV�)pF �F�`��1z�I�]�]�
;wC-=C�PN�M鍆�ν6�"Έ].n�@R'9w:*%U-)UTj%wWrDaӃ=""CP(�BUN�-U+r
0�X\����^9�Q(Fuo*K0fy�=q̐g�a��1V�J�!'\C�x�ċ)mn{L
�_||m\fp�-y|y�ث�ގe�@��V,�(�s0��ؙ_F�lO��B�V��x3O?�hcƥ��6�%`ή�1vK�u̿O69>p&~' ?n
3Ε@q�
�hlգ{h9Dq/1<:,`�� '+ՅoRs$ 7oJ/ӡ�U�I$�/ADZe"fx`ax"B`u
jϗ95;n%c�$Qw�W.�ɱwؼ!)g�P,�CV}<�(�lu�^ӲO^xE�ǻ�80~.6�
P�H_k!ń ީ�n'W951�(�I´kaw�A{r �1-�X�hcоx�M4Xkw��+#�Pn[|Qؗ�E@1agG�۶f*iד\cR
?�PɑX�)u�n'|oS�{)0XP�yw4q�¥"UJN���X,8.� +tǿ9Qs�u�9���BuY^|:y-.�E�Ofu�ݎ2Rtlk.��!gXi[��e1BpCɖ)�tO�!?���BVt3BB���`GY�e`kv�8utvKѲ
V�7"ְ0ޏYw�PT�l@��xS�az
\bXe�܄�1UF.Em�khT[_ )*l+c�V
�9/߶c3pݼ¶"�yX��
A\XNڙB
X�<ٰ���s+��o5Љe6���{0^n,eH&}Kqd.5"�$8r嵖I��;;a0��&iE-㨤t`C
v�_Ή~ph[?�҈>A� wVǰ�XF!&7�O80�Ux|�-h\l�}{M];8LgѸ�;"P߯HVlw;��++�Ȁ7H>Y{D,5Rb:(G-��z��k|FXK��c*&ر`=br8Lte4Q�|�J Km)裋�ȃgz�^4}ju�X����`*#F"�;�,)>\tnbo`i�/=j�<|:�Ҍ%!tnNZi��B"E�w<9i_%+e=;`ol��S�g�
|
Network Security & Hardware 
