
Zero-day IE exploit just the beginning

Shawna McAlearney, Information Security Magazine Online Editor

A zero-day exploit targeting an Internet Explorer (versions 5 and forward) vulnerability is being used to install a Trojan on vulnerable systems. Experts warn that it's only a prelude to a series of attacks that are likely to be highly successful.

"This zero-day exploit is huge. It will likely be a major and highly successful vector of attack upon thousands of computers for some time," says Ken Dunham, malicious code intelligence manager at iDEFENSE. "We have verified that attackers are installing backdoor Trojans and dialers on targeted computers at will."

"Multiple examples of the exploit code are available for attackers to analyze and use in crafting their own attack," adds Dunham. "This type of code availability and underground activity traditionally foreshadows a flurry of malicious attacks."

Microsoft first issued a patch for the "object type" vulnerability on Aug. 20. The flaw allows an attacker to compromise a system by embedding malicious code in a Web page. Even when the page is viewed with a fully patched IE browser, the embedded code will execute, because the "object type" patch doesn't prevent this variation of the flaw. Microsoft plans to issue a fix shortly.

"Microsoft is investigating reports of a malicious Web site that exploits a variation on a vulnerability originally patched in MS03-032," said a Microsoft spokesman. "While we will release a fix for this variation shortly, users can help protect against this newly reported issue by changing their IE Internet security zone settings to prompt them before running ActiveX components. MS03-032 has been updated to include steps for customizing IE security settings."

Unlike some other vulnerabilities, this one requires no user interaction.

"This isn't a training issue where users are told not to accept certain certificates or controls," says Dunham. "If a computer is vulnerable it will be infected without any user interaction other than simply surfing the Internet."
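The workaround Microsoft describes, prompting before ActiveX components run in the Internet zone, can be audited and applied from a script. The following is an added example, not part of the original article or Microsoft's bulletin; it assumes the standard Windows URL security zone registry layout (zone `3` is the Internet zone, action `1200` is "Run ActiveX controls and plug-ins"), and the `-Apply` switch and function name are this example's own.

```powershell
# Added example: report every registry location that sets the Internet zone's
# "Run ActiveX controls and plug-ins" action, and optionally set it to Prompt.
param([switch]$Apply)    # -Apply is a switch defined by this example only

$Action  = '1200'        # Run ActiveX controls and plug-ins
$Zone    = '3'           # Internet zone
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }
$Pref    = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
$Policy  = "Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"

# Policy keys, when present, take priority over the per-user preference.
$Locations = [ordered]@{
    'Machine policy'  = "HKLM:\$Policy"
    'User policy'     = "HKCU:\$Policy"
    'User preference' = "HKCU:\$Pref"
    'Machine default' = "HKLM:\$Pref"
}

function Get-ActiveXRunSetting {
    foreach ($name in $Locations.Keys) {
        $item = Get-ItemProperty -Path $Locations[$name] -Name $Action -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }      # value not set at this location
        $value   = [int]$item.$Action
        $setting = 'Unknown'
        if ($Meaning.ContainsKey($value)) { $setting = $Meaning[$value] }
        [pscustomobject]@{
            Location   = $name
            Value      = $value
            Setting    = $setting
            RunsSilent = ($value -eq 0)        # Enable = no prompt before running
        }
    }
}

if ($Apply) {
    # Write the per-user preference; a policy key above it will still win.
    $path = $Locations['User preference']
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Action -Value 1 -Type DWord
}

Get-ActiveXRunSetting | Format-Table -AutoSize
```

Any row with `RunsSilent` set to `True` is a location where ActiveX components run without the prompt the workaround calls for.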

FOR MORE INFORMATION:

Microsoft security bulletin: MS03-032
