dcsimg
 
 

Zero-Day IE Attacks Spotted in Wild

By Ryan Naraine  |  Posted 2006-09-18 Print this article Print
 
 
 
 
 

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's dominant Web browser.

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's Internet Explorer browser.

The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets.

eWEEK has confirmed the flaw—and zero-day attacks—and on a fully patched version of Windows XP SP2 running IE 6.0.

There are at least three different sites hosting the malicious executables, which are being served up on a rotational basis.

According to Eric Sites, vice president of research and development at Florida-based Sunbelt Software, the vulnerability is a buffer overflow in the way the world's most widely used browser handles VML (Vector Markup Language) code.

The attack is linked to the WebAttacker, a do-it-yourself malware installation toolkit that is sold at multiple underground Web sites.

"Once you click on the site, the exploit opens a denial-of-service box and starts installing spyware," Sites said.

He said the exploit can be mitigated by turning off JavaScript in the browser.

The MSRC (Microsoft Security Response Center) has been notified and is investigating, Sites said.

Officials at the Redmond, Wash., software maker could not be reached for comment.

Check out eWEEK.com's for the latest security news, reviews and analysis.



 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that baselinemag.com may send you Baselinemag offers via email, phone and text message, as well as email offers about other products and services that Baselinemag believes may be of interest to you. Baselinemag will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit