Cyber-Criminals Exploiting Patched IE Vulnerability
According to Senior Security Researcher Joji Hamada at Symantec the security company, cyber-criminals are currently abusing an Internet Explorer security flaw from among 11 in all that Microsoft patched on June 14, 2011, a Tuesday. SCMagazineUS.com published this on June 17, 2011.
An exploit had been detected, said the security company, which aimed attack on the memory corruption vulnerability of Timed Interactive Multimedia Extensions. This vulnerability was reportedly patched during the collective update released for Internet Explorer. The flaw, though affects IE's 6, 7 and 8 versions, the Symantec investigators have merely found an attack code, which exploits computers running the 8th version.
Telling more about the recently identified flaw, Hamada stated that his team had merely witnessed limited assaults exploiting the security flaw, while trusting that the attack code was currently being utilized within just targeted/personalized assaults. Searchsecurity.techtarget.com published this on June 20, 2011.
Moreover, it was found that the exploit remained concealed inside a script introduced to a hijacked Internet site that had material for a local eatery. Incase any end-user had this site open in his IE 8 browser, he'd end up pulling down the concealed script automatically within a malicious iFrame, which connected with the remote computer server that harbored that script.
Hamada said that it was possible the cyber-criminals dispatched electronic mails to potential victims, while the messages carried a web-link taking onto the site where the criminals would attempt at filching sensitive information.
Meanwhile Symantec, which analyzed the malware still more, discovered that the assault involved one web-link to a site, which might present statistical analysis for the attackers. Notably, the malware pulled down linked up with an active Domain Name System utilized for taking hold over the victim's machine alternatively uploading additional malicious programs for theft of his confidential information.
However, for remaining safe, Hamada suggested that end-users required running the vulnerability's most recent patch. Moreover, they must update any other application including security programs deployed on their PCs. And, while receiving e-mails carrying web-links or attachments whether from familiar or unfamiliar sources, end-users must exercise caution, Hamada added. V3.co.uk published this on June 18, 2011.
Related article: Cyber Child abuser Sentenced To Imprisonment
» SPAMfighter News - 29-06-2011