Exploit for Un-patched IE Vulnerability Now Part of Crimeware Kit

According to security researchers, an exploit, which takes advantage of a yet-to-be-patched security flaw in Internet Explorer, is now part of a well-known kit for crimeware. Computerworld.com reported this on November 8, 2010.

Cyber-criminals, during the 1st week of November 2010, connected the flaw that Symantec the security company discovered with one backdoor Trojan called Pirpi. But, according to researchers at FireEye, attackers are also using Hupigon another PC Trojan.

Said Senior Security Researcher Atif Mushtaq at FireEye, currently Hupigon was proliferating via drive-by assaults while essentially using the zero-day vulnerability in IE for contaminating systems. EWeek.com published this on November 8, 2010. Mushtaq added that previously Hupigon was also observed as proliferating via social engineering techniques that involved free cracks, shareware/freeware software, keygens, as well as other techniques.

Moreover, similar to Pirpi, Hupigon after infecting computers too creates a backdoor and links up with command-and-control (C&C) servers. Says Mushtaq, a few of the servers associated with the attack code too were discovered as taking advantage of earlier zero-day flaws like one Microsoft Video ActiveX Control flaw last year (2009).

Importantly, security researchers, in the 1st weekend of November 2010, noticed that cyber attackers had already added the exploit to the Eleonore crimeware toolkit.

Remarking about this, Chief Research Officer Roger Thompson at AVG stated that it increased the advantage for many since it was now possible for anyone to purchase the toolkit for just some hundred dollars while there was an active zero-day. Computerworld.com published this.

Reportedly, the above security flaw that cyber-criminals are already abusing on the Web lets an attacker to run malware from the remote devoid of the user's knowledge. By deceiving the end-user into going to a malware laden website, he's made vulnerable to the attack code. Following this, a drive-by assault is launched wherein the attacker runs malware on the affected PC.

Microsoft, which confirmed the vulnerability in Internet Explorer, is yet to issue a patch.

Said Thompson, the recent development required that Microsoft released an out-of-cycle security patch. Till then, however, users should install software which was quite competent to spot and stop web-based assaults.

Related article: Exploiting BITS To Compromise Windows Update

» SPAMfighter News - 11/19/2010