Nytro

New Zero-Day Vulnerability Hits Internet Explorer

Microsoft recently released a security advisory for a vulnerability in Internet Explorer which allows remote code execution. According to the report, the vulnerability, which affects Internet Explorer 6, 7, and 8, is caused by an invalid flag reference within Internet Explorer, and was initially found on a single website, which has since been taken offline.

Our researchers were able to acquire a sample of the exploit for the said vulnerability and have analyzed the threat. We detect the main page that delivered the exploit as HTML_BADEY.A. This page downloads a backdoor, which is detected as BKDR_BADEY.A. This backdoor, in turn, downloads various encrypted files. These encrypted files, when decrypted, contain the commands that the backdoor will perform.

Further attacks exploiting this vulnerability are likely. We have seen a new hacking tool, HKTL_ELECOM, which allows cybercriminals to generate pages that contain the JavaScript code which exploits this vulnerability. This makes exploiting the vulnerability easier, which means that attacks that target it will probably become more commonplace.

It is not clear when this vulnerability will be patched, but until then users can take some steps to protect themselves. The beta version of Internet Explorer 9 is not affected by this vulnerability, and users can upgrade to this version to protect against this vulnerability. Other mitigating steps are mentioned in the advisory, but these mitigating steps will cause most, if not all, websites to load improperly.

The mitigating steps force the use of a user-specified CSS style sheet (breaking site formatting) and disable scripting (disabling many site features). Users can also check that Data Execution Prevention (DEP) is enabled, which will help reduce the potential effects of any exploits. Instructions for these mitigation steps are found in the Microsoft security advisory.

Trend Micro users are well protected against this threat, with the malware threats used in this attack already detected. We also suggest downloading Browser Guard, an add-on for Internet Explorer that protects against IE vulnerabilities, including this particular attack – for free.

Source: New Zero-Day Vulnerability Hits Internet Explorer | Malware Blog | Trend Micro
