Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Zero-Day IE Attacks Spotted in Wild



 By: Ryan Naraine
2006-09-18
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's dominant Web browser.

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsofts Internet Explorer browser.

The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets.

eWEEK has confirmed the flaw—and zero-day attacks—and on a fully patched version of Windows XP SP2 running IE 6.0.

There are at least three different sites hosting the malicious executables, which are being served up on a rotational basis.

Resource Library:

According to Eric Sites, vice president of research and development at Florida-based Sunbelt Software, the vulnerability is a buffer overflow in the way the worlds most widely used browser handles VML (Vector Markup Language) code.

The attack is linked to the WebAttacker, a do-it-yourself malware installation toolkit that is sold at multiple underground Web sites.

"Once you click on the site, the exploit opens an MS-DOS box and starts installing spyware," Sites said.

He said the exploit can be mitigated by turning off JavaScript in the browser.

The MSRC (Microsoft Security Response Center) has been notified and is investigating, Sites said.

Officials at the Redmond, Wash., software maker could not be reached for comment.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Zero-Day IE Attacks Spotted in Wild
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}ks8q8cYۑdK-ěԭRQ$$qL\|9u_zВIʶD th4?'I"nZΘ\̦dwꚃ>}K$B}NUQR C7_/(bP<HwO7n[c^0R?`᳙*,Q  tjGt0]2xֵ;k:&oweki cߨ_[``1Z|R!j 9iݑ ۴^$)qHh] ]( Ѽ$pm<"Q}# QTBQ5w0NK <[@Sա*v25v6^: ȅC׷z$nRvn7o\ 205A2Z [ XdTZ ӡku8r 08Jej-nfO-n@w(\'p}j F1 96L( |HI Cu"ħzr(˺Y4hmEaij|Tݯ(Gί}`[쫅S wQo|;W*)EsvU !GA mkh[N#ZI;\w{>~jr  |'?0Q\&*Jt4M3QA 1qjg`rM7Jqr+ᖃhGZIAvina[E4b™EUdNߒ-~k~>EY6f0ZjCA/]鮘FȏwAժutqӹluoz{MZOvY; i OgfɷVk! /x_NmrG,.iT$+2OIULBxy$Y)r"8_Cj ݖeB_*X__/Rzhf5 t @CX&%94ɔSHu t:f9A}E'ԃ6kiBuV!`JC̺NR49V/蟉$Wm4@r5)6B̄H )7'~ަ,-|y"* brݠHPs>̧ˊfoF"> 23yB(pHqb&μbO૦yp>jY]6'tauIUi3_}ޡ:ixnUO^ S3G#вnZs榣V$c냯~h^TT G'&-d`q86acJݤ#}fE=: aO>lZꎓz>:AGAtišh4άP7&h`C:}ҍ;L 'pGbdx: C 04LH#AтMtT;n]`2Zw9ܻ-L&wzVt#` VGPC!nH }P(Vr`{ZS9;ݲeǀԜЯu%w2J ] #RRR$S]HPw9DJ B!B0HV0(V a\.y"M':ݱ;P}sGe-n^ d6gF2+LYg0V-&D7rb.G EŸ-Muc{s_9ҴJ >Ѵ7=YK9bi]ygm&,`b IK$%\Ew,[t 3Awq=7cBCEs;J`|Ͱ"̴b֜Eu4>dufB7 ƉeLH|B3} H8M{lz:{mQH08-vys3tNn~|ZFhIO3hy:grGֶ-/ |zS.z:ԍ$r%5kb$T`CL yrDr V֌Or1r@eOSSɸVTV3Q2C+L)Eۋ)i SX-8G/4- {'ٲJb-Yֽ Uv/KƠ\?ouriO,ohm_EڠueLGyK-# IHf(XK+ezlxyD62C 7==0\Re࿚Ȕmm1ʚU9,Wfn ()r?-j5 fSXS:hM>]![!rf>G) z7HhТ0T]2akRhjMMaf(0q |0b=9ߟ{8[=z,.K i{y]ؕ.R\bFd>n 'L[QHz{=cTfha8lX|7:HycI_)+%UMH?O~1:2.eX \kOa3IQ7Ϗ9(gd%d)GHZ+jՄ*Zj7;z&͂)V3G qF'|}>M_oũ1ztY9Jo?0t .tɕ>gs||ujN8alEc>eLZrlxXa5£{M۩{ 0v\ j Y58._a>Z7i`rdd8+ѡ,XrMTՑG7`wk*Q :@{!G:0[,(Y)Yhp^u/eۏSZЁ P}̹5u<X\Y``!> ~5z8b&QajY[ ⺪Tj%}gVWg)|h#QL `! Kx{ZCAk1۩Zw=܁c:P=H(TZg7cMśH]ac6U{z@nR)Z- Mӓe;4 O+bIۛў'oj2@mvgfӏ6V=_`tmAؙY%7<@j1m94c~(GcjZ9 XBOb+>aL:+lC30XfSf~508 LB1l̓[@^+_?J= [L4G@V1-0=̞̝A mۨX9)6?`(vPJ`Y V8g;}DC8ߋIjfR΁ۇMOT*%0=k@" c]f.g|]՘z4> ʀkxG2c(Ъ6#iB/%e.N1)Q(&v}j;_&I|SeYȃV)+Y+TuRaoaqVZʑFHU5E࣏M#/ PNkZ[C^$}T>VAU?HM_-UղR?ITAteU1n?mVPVW`Zd&{\%\3Li0o)Q뱋A fT]Z/)+iQ/ ~ dwm PG c[,ġiFR{e">QTk|hxqLL^\}ۅ^jۣ[( L $q* N=YtW%piIIcԧ˾tڼ>3>&L{~;Atf;C {Dڝg8 ^+{_wԸGZ`>|:?I˖Թho0.[ltJj2m&A)pdQL?JnWWVs^0lg~hy# @4+~{!\4w.ŗlOk~w.R ~J`&yyyȒU4*$yyp|hq\36MF1SV5!g<72l&zA5 q^לY0pz!vBZKUc)zF A0֢<]?vV   c@JA=VohuzW{mE& bT1 _RFMQ=#ijV{Lg$R):(9Q{/(軟o%E߈>1K4~ P=8Y,rh縵vRt1?x>6Bz?"Y^3{w jE5p!XIS"9oթ-pOӆO|BaJ;t e~=m2결uC%<2OтN蔈'='C8 z>RB'T5˓4/iY(Eqjhdꒈ~~(i&'ءXԛ]5/7'8 $O kzisq/qF.Zٽuڻoue'3 CݿNvI]iNw7UzyZ J~l't:D(jE[e{wC9Ȫ̅S.{R؉~'g#3^q:-: `tH_/lF臵4/ Z2fP:9G׍[qecz0[ov}{U"㛟t?2ie~WJ]݅i}E)]K5"vKJ*IyuQZSDD6Kh#iv.R_;+!bidOc@/mvx1t` AAXŀ0!Vo lϸG s8<OFeuw#S''Sc3HF#xgyS/6-lF@|Pg;a *|b1 \<e/&qFL>>bY>`_/t#gIfc;}QvDGζM1Sİkw }>t!Y] DBWv-6-klMS[Tx>`BmgH9=:UMCDJ64(E bgO䒘VGed=I6X2Ǡue"c['l<X\-d(΁,>3AL13tگA$eNjttDb#!:˻2l`W-$B^M\`\*i?R89yEY²>DDɌ~(&#x!;"B >z,,,{v_VX P R  um N"+@\xUJj@d^LxOĆAr2iMaM E$jb!%$猓|2+$YDҥS m2IU%6}EDc.qxMv2TM;.;vRJыҩKRI)/'?+L-$׳&GE)ii<ҳshBqRF? V ݖ>){ZQ~{&`$–8] D4Kr rGp` ;fƩ\_괥AVS6bͨ,0+ 4*uگ?Fe&}$uOvU6e k薚&X®?$Kd:TRir$yd+2'nN#^ڞʦVyv~ysIk o-pj.?aAxzhL3צ9&@K!#P%(񤉨J4V X6e3=f-L;rPZIcm㫕7ڳHn!<}GjY(u{ZVs^U0x#^_C<D]G[k;fsq([J+T>oR-gcIk/8`^zּu{c0" ü`vZ1\k)$KYu|G57Ak=&5:Sχ5 n Bhs$]ԓDں@%|舻?0MT#]%v?pSqmNer|֢mw$ y(xnKZx,CWsу qsMp[Y'F6\X!% 0h aE r}vazZ[$u7F yLh^F)<,!=ߪ d7Ez;d@KY_ݦw  7c"m{c7O /aa37!g[_MBxxD`o}3}AwdE1x^/ۦOVu3rmTl@˯qMxHl[/D*W~`ء5 Y?:8W86]Ԋ5vtV V'p9C@Pj&`," 1^;} AG񈗾'@U$& WԞz;4܀LReN3VuG\ѼyT@ƎŠ ]\i^cgV*i<˯s52P IugT8xsz Slƺހqt+T^=ߐPx(&L-*1E @L$`aW+r.v*s=ݶuKx׋_=y29M3ϊ󓘢pmRM q.;6۬7ovj}mB㵙Jj~6}A+=V4gC mX[`8N{_<@VE[6bVԽKC敲<Rgo[]Am Aɼ#Ь%5:&DJD:`ѿ'E?┉fae?5 %3f"N5p+qDSuKפ{ |:xrO)8weQCH9^/Ym/ j=oIrJ W,'I,b'X2KX ђ,#ЋCdsMVOtw_qx^Ǵţll <>.N-£EIo|֊OZZYΞCtf!;䱓I#$:Ky8r?E* nO2pyfStU f0; oCNp?oG[yϩD#? KD)PG%4'?YSC ~܉g¤ZZt'O|g'dQ?' <7v=,V19z C'KT㎸?(F]{F9-0Whf~!,z~壸l G2(kj  hFe7@]oA\]N|Eg@*PVô%J]Y a!/(/nQqaI{ŵ&{Ϙdcߝ9pj+jj5A^xJ-="@Ÿ Rxc) +hWۏAE!Lj>CA%ge3-Ou{ (gQ"ΙTh,ZNtIEĥkc.ѕaZU9PWK.KBG2K*lW1 {BZTes[ɧj_2RUBIC7@qͧ5-㛔Oj6j=!`5ZOk]P;Xif;;yj+n-浻3xb(ͪNT孊tNH ?p찌71~ty2C`m4,\ !BπTa+͓fihn_ܾECyQiwqݗǮ4U0}j[=vXȵFB ķ' /}ZpY$Xk:Vga`dr}TK[\JH`o2o)K8cHZ @xl9c=ZF]^:,oS~wAÿ{{i/ ~HګkѱFF9Μ $iѩHۡ$Z[.gн<#hHY6W2 lO`LqeYZ y۲VSo4Jۅ]aYJ %N&099ݱ=X .QqTJ  J}9`V9H0oYktbaX݋R|jۣVd}ext߀J"vr[-"ic:&L I.oJ^j巩c4}A6ژy녟iF4Y057&Wd.4<~׵p3'&΀E!,E|z['AU}>l1d.+62 1jLlSG:no9l~V };C}m!Ln T:(g*Ah,E,t8@!'vq]Q sEI"aK9.!y:q0ra)?ňo8fkHג s)؇c*zk7/{ʁRSHe t083)yҊF2*m&~^I79m[)45aBRAA26)霔bZŘ!&"c36#|M q$xDӆRǠ{qt\11Fiŷ^$l;b21#bHcΣ @J.JeEt0?B5DRSJLmn$|s 3CXLi8qXg 5S$[a8; ܕūA6N-h鞭YG7`C[UEY|obL,`A~,?^!us x\fH֎B<ⱴP<'<(%ʅhgFg$&B&H@PbJM*IdR|:PJ|Έ&j9鲪|.A@:E~<{2QqJV!J`xzA dez߃;ZGL€،\ݹXh4?5iv>N;WN6ǀ}RGݪ;es/4N-/<4m+LJrY:2 ͋6Sfr3\h^EqɃwg;飱8ĉ;?NJ*Q^e5DM@+8 [t1!~պnzZ>ZA/N|veIȉkhw >>V CkP܄qP b>^ Ȥou9CN(S~ O͜.wsʑ[@V;O֗}Ns>?BgB㬳*4:r_'\C;9+4>r?C<+3>E">"@\9_^E^ ?唟AYNߠo9P~S{3 ?9s w3~]7]?/WW9q_ s?=_P>'(W}Sn&&oonr/=IR<9k^qNy8rEUrXB]@y>(P/ntsث:WJsz9^}NNF&I^WKͮ0TntKT쵆cn5:Aba/! c|U$X2T )htVydS˼VRRw;]Sڤ\j.{]r-XѧV{5_9p=*yFDnUs"X5̽q>u=( }^1 B8 v#t{z*%.n ۍLxL|uӚ޴ȴv<2kݫ++#BAfп~% +տO^[x)cMzL˘͛YȌMMu?/{_ۉ G2)ebb;ˈLbTlJx Upgb,/7ˤK4l!Klɜ]k'b"'mgs|&L"Ϗ,O~f+gM ĪG9ШscwˡB~22S7r{TB΄[4п*$*˗ X֭23t 8lu^0H_xI{׿$0y.6 P^k! ޙn'W951N(_Cvi >dGf@L V$.>t ޺S֚lCvsFdu#aq1<̡Pnl@PJmXvg&B. c@e8>cc>m=]wrl#kvܙ%(H_IϐR(xƠC)e h km"tZзkdY9Hz&zU x$.6=j"1: gC“JҢwv=鱽$(\d~\g; xv 7&R,`+/2^;''H2Gd!᳤c9*=>S3m-(E'.r};{,d/+2bХvHyU/BcRM?PɕX)umȧ|o|B,[kl`NB`tp" "@"drtPŗ-;waSF)f'VFp)hDN<}y<ڢuKğ?X \ cwHV&Lt[Oulם8G# Pr⁜0қ!%]c *|? OGe Lt8͡o0kn>7q$Lxˍtd_d%\!d@WD0;"6i}.KE&(Xp\GAΙَiQ u-91"uz ?;<v;fC &+_2uE>v/-ǬyJ~S.u 7tle @ëx mE73B**k,^zXٻb?n)ZF,c-ԭ<P8_C~C.vjmnJQXƺa#¶u4mщo߉n^3Qa[O_9-z0 LMkÐpai#fSSѯf Ax =`#hxb "nh1)d'k%I' '60Ä ݽ"5roq=}eיJ؍pKg8g!(X^ZLT/>%hw2b5g_yfOȅ^`\YG+n:' wX;EB(O}y9|C*'꛺UEώ7z/>!2T!6xvYpEI{C[7nyq˖UQ- Q{jgA0}U\OWzvC&ȕ/g2F#-<#DW˳̺Uj*$