Fresh Drive-By Download Assault Abuses Critical Vulnerability in IE
Researchers at security company Trend Micro state that they have detected a new drive-by download attack that abuses a critical vulnerability in Internet Explorer to load several malicious items onto vulnerable computers.
Drive-by download attacks are a common and successful technique for propagating malicious software, and they are commonly executed through legitimate websites that have been hijacked.
Further, they necessarily exploit security flaws in obsolete versions of popular software such as Adobe Flash Player and Reader, Java, Firefox, and Internet Explorer, or in the vulnerable computers' OS itself, in order to infect those systems.
Reportedly, in the current incident, Trend Micro has identified the exploit as JS_SHELLCOD.SMGU, which attacks an IE flaw that has already been addressed in Microsoft's security fix MS10-090, recently issued on December 14, 2010. Softpedia published this on December 29, 2010.
Additionally, Trend Micro has said that the latest exploit is noteworthy because it has high potential for propagation and/or damage. Essentially, by exploiting the security flaw in IE, it allows hackers to remotely run arbitrary instructions on the infected computer.
The flaw exists in IE 6, 7 and 8, and remote hackers who exploit it can run arbitrary code. Moreover, on successful exploitation, the Shellcod Trojan connects to URLs from which other malware programs are downloaded, identified as JS_EXPLOIT.SM1, JS_EXPLOIT.ADA, TROJ_LAMECHI.D, PE_PARITE.A, TROJ_GAMETHI.FM, TSPY_ARDAMAX.HR and TROJ_DLOADR.DAM.
Shellcod, which abuses certain application flaws and thus lets hackers remotely run arbitrary commands on an infected computer, may be hosted on any site and is executed when an end-user visits it.
Notably, one variant of this malware is a Trojan installer, which solely downloads and installs still more malicious programs. Another variant is a data-stealing Trojan that captures credentials for online games, while a third infects .exe files.
Finally, computer users are strongly advised to keep their operating system and other software up to date so that they do not fall victim to this kind of attack. It is also crucial that they run an effective AV application with a Web-protection component so that 0-day attacks can be prevented.
» SPAMfighter News - 08-01-2011