Malware, Network Security, Patch/Configuration Management, Vulnerability Management

New Internet Explorer exploit discovered in the wild

Share

Less than a week after Microsoft delivered its February patches, an exploit has emerged that takes advantage of one of the two fixed vulnerabilities in Internet Explorer (IE).

The attacker was able to reverse engineer the patch to create the exploit, SANS Internet Storm Center handler Bojan Zdrnja wrote Tuesday on the group's blog.

The targeted exploit arrives in a victim's inbox as a Word document that contains specially crafted code regarding the way IE7 handles certain types of content, said Paul Ferguson, threat researcher at Trend Micro. The code contains an ActiveX object that accesses a website containing a downloader, which exploits the vulnerability.

The victim's machine is then hit with a backdoor trojan, capable of communicating via SSL encryption with a third-party server and harvesting data such as login credentials, he said.

"As you well know from the whole Downadup/Conficker thing, cybercriminals are leveraging the fact that people don't apply patches in a timely manner," Ferguson said.

The malware appears to originate in China and may be the first inkling of a forthcoming spate of malicious emails targeting pro-Tibet groups, Ferguson said. Similar attacks occurred around this time last year.

"The 50th anniversary [of the failed Tibetan uprising against China] is right around the corner," he said. "Even though we haven't seen emails being targeted [against pro-Tibet groups], all of the fingerprints are very similar in nature to that same type of campaign."

So far, the only victim that Trend Micro is aware of is an Asian journalist, Ferguson said.

A Microsoft spokeswoman said the company is aware of the new exploit and is investigating.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.