New Trojan.Naid Unleashed for IE Bug Following Security Fix

According to Symantec the security company, one fresh Trojan named "Naid," which developers of malicious software have released, exploits certain flaw in Internet Explorer that Microsoft lately patched.

The flaw, says Symantec, is a weakness in handling objects, which if the PC-Trojan abuses, can help to run malware.

Already, the security investigators of the company have discovered maliciously inclined people attacking trustworthy websites for leveraging the exploit. As an e.g. they cite Hong Kong's Amnesty International website that was briefly hijacked using an invisible IFRAME aimed at illegitimately diverting Web-surfers onto a Russian site, which harbored harmful JavaScript employed to abuse the security flaw. Thereafter, the Naid a RAT (remote access Trojan) was made to infect the victimized PCs. Incidentally, Symantec was first to observe Naid, early January 2010.

It was also observed that the exploit backed various Windows editions as well as languages such as Windows XP, Vista and 7, while the languages supported were Russian, English, French and Korean among others.

Encouragingly according to Symantec, its researchers have removed the iFrame off the Hong Kong Amnesty Internet site, while there's a resemblance between the current attack and an earlier one, which targeted the UK Amnesty International site during May 2012.

It's noted that Trojan.Naid seeks to establish a connection with its controller i.e. the attacker to whom it facilitates illegitimate control from afar over the infected PC via certain custom communications system. This remote admission into the computer lets the attacker carry out many wicked operations most particularly monitoring online operations of the user or stealing his personal data. Evidently, when Trojan.Naid is employed within an assault it reportedly responds to the IP addresses located within HK through the country's ISPs, incase the targeted site is at Hong Kong, reveals Symantec.

The security company also reveals that the malware is rather one zero-day exploit as the assaults happened before the security patch to the flaw was issued and that it's far from a normal situation.

Meanwhile, for mitigating the impact of exploits as well as their malicious payloads, Symantec recommends that computer-operators must make sure their anti-virus definitions are up-to-date.

Related article: New Spam Mail Charges For IPod

» SPAMfighter News - 6/25/2012