Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Internet Explorer Microsoft Security News

New IE Zero-Day Being Exploited In the Wild 134

Posted by Unknown Lamer from the die-ie-die dept.
wiredmikey writes "A new zero-day vulnerability affecting Internet Explorer is being exploited in the wild affecting IE 9 and earlier. The vulnerability, if exploited, would allow full remote code execution and enable an attacker to take over an affected system. Security researcher Eric Romang discovered the vulnerability and exploit over the weekend while monitoring some infected servers said to be used by the alleged Nitro gang. To run the attack, a file named 'exploit.html' is the entry point of the attack ... According to analysis by VUPEN, the exploit takes advantage of a 'use-after-free vulnerability' that affects the mshtml.dll component of Internet Explorer. Rapid7 on Monday released an exploit module for Metaspolit which will let security teams and attackers alike test systems."
This discussion has been archived. No new comments can be posted.

New IE Zero-Day Being Exploited In the Wild More

New IE Zero-Day Being Exploited In the Wild

Comments Filter:

  • Re:Question: (Score:5, Informative)

    by thetoadwarrior ( 1268702 ) on Monday September 17, 2012 @06:58PM (#41368799) Homepage
    Ie 9 isn't on XP.

  • exploit yes, virus no (Score:5, Informative)

    by planckscale ( 579258 ) on Monday September 17, 2012 @06:58PM (#41368803) Journal
    This exploit has been targeting chem and defense companies. The thing about these exploits is that they typically are just a method to drop the actual payload which is usually a virus or trojan. In this case it looks like the payload is Poison Ivy, which was added to NOD32 AV defs back in 2008. Yes, the attacker could compromise the machine and get admin shell, but the majority of the time they’re installing a keylogger or other virus which NOD32 will catch.

    From TFA:

    First, a file named “exploit.html” appears to be the entry point of the attack, which loads “Moh2010.swf”, an encrypted Flash file that it decompress in memory.

    According to AlienVault's Jaime Blasco, the payload dropped is Poison Ivy, as was the case with the previous Java zero-day. Poison Ivy is a remote administration tool (RAT) that was used the Nitro attacks that targeted chemical and defense companies. Interestingly, after exploitation, the attack loads “Protect.html”, a file that checks to see if the Web site is listed in the Flash Storage settings, and if it is, the Web browser will no longer be exploited despite additional visits to the malicious site.

  • Re:Does this include IE9-64? (Score:5, Informative)

    by WD ( 96061 ) on Monday September 17, 2012 @08:05PM (#41369507)

    Yes, IE9-64 is affected by the vulnerability. Whether exploits in the wild will succeed against it is another question...

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close