South Korean Users Exploited via IE Zero-Day Flaw

Symantec reports of South Korea being impacted with targeted assaults which abused 0-day vulnerability in Internet Explorer. The firm in one blog post notes that attackers managed utilizing one exploit CVE-2016-0189 described as Microsoft Internet Explorer Scripting Engine Remote Memory Corruption flaw for running a random code.

They possibly spread the exploit via certain web-link embedded on one spear-phishing e-mail alternatively one hijacked but legitimate site which diverted end-users onto the exploit. Others affected with the flaw are people operating Microsoft VBScript ver.5.8 and Microsoft JScript ver.5.7 and 5.8. More details are obtainable from Microsoft's security bulletins -MS16-053 and MS16-051.

Symantec states that on the destination web-page of the exploit is included JavaScript code which would report the website-visiting end-user's PC, even as the code subsequently verifies whether the machine is one virtual device, while figuring out the version of Windows, Flash and IE active on the system.

Furthermore, the information gathered is transmitted onto one website of SK. Zdnet.com posted this, May 11, 2016. Symantec says it found one malicious group dispatching web-link-contained spear phishing electronic mails whereby the web-link led onto certain .co.kr domain.

The said domain consisted of the JavaScript code which vigorously hunted for flawed Windows, Flash and IE editions. In case of a desirable target getting detected, there would be a disguised VBScript file delivered through the website inside the end-user's Web-browser.

This VBScript file, according to Symantec, would run of its own, while by abusing the 0-day security flaw would pull down one malevolent file called rund11.dll as among the remaining temporary files of the end-user's computer. But what more this particular .dll named malevolent file would perform thereafter couldn't be identified.

The CVE-2016-0189 vulnerability affected IE 9, 10 and 11, while Microsoft patched it within its most recent release of Patch Tuesday update. Cyber-criminals attacking in SK exploited the 0-day flaw prior to the patching by the software giant.

As per a 1999 act introduced in SK, Internet-based vendors must imbibe Active X of Microsoft for utilizing SEED cipher of the region during transactions. And since IE alone supports ActiveX, South Korean users continue to use this particular browser.

» SPAMfighter News - 5/16/2016