Attackers Hammering New IE Flaw via SQL Injection
The security community has been abuzz with the news of Microsoft's newly released IE memory corruption vulnerability over the last several days, and according to researchers at Symantec, there's good reason for everyone to be concerned.
Beyond any controversy regarding the timing of Microsoft's related advisory, Symantec has been tracking the arrival of exploits designed to take advantage of the flaw among its customers and found that there are a wide number of threats, specifically those involving SQL injection techniques, which have already been unleashed on the world.
To date, since the release of the company's antivirus signature for the vulnerability late last week, the AV giant have observed over 33,000 hits on its customers related to the IE vulnerability, Symantec researcher Peter Coogan wrote in a blog post on Wednesday.
Activity targeting the flaw has been particularly strong in China, where 81 percent of the instances discovered by Symantec have appeared. By comparison, the U.S. has ranked second behind China, accounting for only 7 percent of the malware samples.
The overwhelming bias in attacks toward Asia is related to a massive surge of threats targeting the IE vulnerability across Asian Web sites, with variants injected into over 100,000 sites in the region, specifically many South Korean URLs, the security vendor reported.
Attacks on published vulnerabilities often take root in Asian countries where many users are working with pirated versions of Microsoft software, as those users do not receive all the firm's security updates, security experts have noted in recent years.
In most scenarios, once a compromised site containing the exploit code is visited, several attacks are run against the user's computer. If the system can be exploited, the threats then drop various malicious files onto the system, including the Downloader and Infostealer.Gamler attacks.
So, while many times the security community, in particular the vulnerability research segment, is accused of overreacting to newly-published IE flaws, it would appear that in this case there really is a significant groundswell of threat activity appearing in the wake of (and very likely before) the news.
Not that it's a good thing.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.