Another Internet Explorer zero-day vulnerability exploited in targeted attack

Stephen Withers
Thursday, 04 November 2010 07:54

Business IT - Security

A number of organisations around the world have been targeted by an attack using a previously unknown vulnerability in Internet Explorer.

The latest security advisory concerning Internet Explorer involves an exploit that has only been seen one one website so far. According to Symantec, that was a legitimate site that had been infiltrated by the attackers and used to host their malicious content.

Symantec's Vikram Thakur said the attack took the form of an email purportedly about hotel bookings that was sent to "a select group of individuals within targeted organisations" containing a link to the page containing the exploit.

The exploit silently installed malware that created a backdoor on the victim computer and accessed a server in Poland to download small, encrypted files containing commands.

"Looking at the flow of commands, it is obvious to us that someone is entering these commands manually from a remote computer," said Thakur.

While the attackers specifically targeted Internet Explorer 6 and 7, but Microsoft has determined that the underlying problem is also present in IE 8 though mitigated by DEP (data execution prevention). DEP is enabled by default for IE 8, and can be enabled on earlier versions by using Microsoft's free Enhanced Mitigation Experience Toolkit (EMET).

How did the exploit work? See page 2.