Zero-Day IE Attacks Spotted in Wild

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft’s Internet Explorer browser.

The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets.

eWEEK has confirmed the flaw—and zero-day attacks—and on a fully patched version of Windows XP SP2 running IE 6.0.

There are at least three different sites hosting the malicious executables, which are being served up on a rotational basis.

According to Eric Sites, vice president of research and development at Florida-based Sunbelt Software, the vulnerability is a buffer overflow in the way the world’s most widely used browser handles VML (Vector Markup Language) code.

The attack is linked to the WebAttacker, a do-it-yourself malware installation toolkit that is sold at multiple underground Web sites.

“Once you click on the site, the exploit opens a denial-of-service box and starts installing spyware,” Sites said.

He said the exploit can be mitigated by turning off JavaScript in the browser.

The MSRC (Microsoft Security Response Center) has been notified and is investigating, Sites said.

Officials at the Redmond, Wash., software maker could not be reached for comment.

Check out eWEEK.com’s for the latest security news, reviews and analysis.