Malware Attack Exploits 0-Day Vulnerability In IE
Researchers from the security company Symantec warn that hackers are using malicious software to exploit a fresh zero-day security flaw in Internet Explorer.
The experts apparently noticed the problem when they found a brief spam run that tried to deceive Web users into clicking a web link. Under the subject line "Re: Hotel Reservations," the spam mail pretended to discuss a hotel room. It also provided a web link that took users to a legitimate but compromised website.
Threat Researcher Vikram Thakur of Symantec Security Response elaborated that the web link led to a site carrying a script that checked the operating system and browser versions the user was running. EWeek.com published this on November 3, 2010.
Thakur also explained that the web page containing the exploit worked only if the visitor browsed with IE 6 or 7. Consequently, the script sent a visitor to the page hosting the exploit only when that condition was met. If the browser name or version was anything else, the visitor simply landed on an empty page.
Furthermore, according to the researchers, visitors who were served the web page with the exploit noticed nothing unusual. Malicious software was downloaded and executed on their PCs without any interaction whatsoever. Exploiting the flaw made it possible to execute remote code that the Web surfer never noticed.
Once the system was compromised in this way, the malicious software ran automatically each time the PC booted. A service named "NetWare Workstation" also ran at the same time, while the malware obtained encrypted .gif files that carried instructions for the Trojan, said the security company, which identified the threat as "Backdoor.Pirpi."
Meanwhile, Microsoft, in a freshly issued security advisory, provided workarounds and mitigations to help IT admins and end users defend themselves against the latest attack. The software company suggests that users read e-mail as plain text instead of HTML. Those using IE 7 can enable 'Data Execution Prevention' for extra defense, while IE 6 users should set the Local Intranet and Internet security zones to 'High.'
» SPAMfighter News - 12-11-2010