New IE 0-day exploit code found in the wild

Exploit code for a previously unknown Internet Explorer zero-day vulnerability has been discovered. The flaw would allow an attacker to execute code remotely and install malware on a visiting user’s system.

The malicious code was found on a single website, which has since been taken down. “As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers,” according to the post on Microsoft’s official corporate security response blog.

The vulnerability affects IE versions 6, 7, and 8, while users of Internet Explorer 9 Beta are safe. Microsoft has issued a security advisory detailing the flaw and has already made a Microsoft Fix it available for easy implementation of the offered workaround. A security update to fix the hole is currently in the making but will not be released out-of-band.

UPDATE:
The malicious site in question was discovered by Symantec, and a link to it was propagated via e-mails sent to a select group of individuals within various organizations:

“Visitors who were served the exploit page didn’t realize it, but went on to download and run a piece of malware on their computer without any interaction at all,” say Symantec’s experts. “The vulnerability allowed for any remote program to be executed without the end user’s notice. Once infected, the malware set itself to start up with the computer, along with a service named ‘NetWare Workstation’.”

The malware would then open a backdoor on the computer and try to contact a specific server hosted in Poland in order to receive encrypted files with commands telling the Trojan what to do next.

http://www.net-security.org/secworld.php?id=10103&utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Posted November 10, 2010 by axxerainc in Uncategorized
