Security Bytes: Zero-day attack targets IE

By SearchSecurity.com Staff
19 Sep 2006 | SearchSecurity.com

Security Wire Daily News

Zero-day attack targets IE
Researchers at Sunbelt Software warned Monday that they've detected a new zero-day attack against Internet Explorer (IE). The attacks originate from a series of pornographic Web sites based in Russia, with the goal of dropping malicious code onto Windows machines to make them part of botnets. The attacks target a buffer overflow in the way IE handles VML (Vector Markup Language) code, Eric Sites, Sunbelt's vice president of research and development, said in the company's blog. Sites said Microsoft has been informed of Sunbelt's findings, and that the exploit can be mitigated by turning off JavaScript.

DHS names new cybersecurity chief
After a year-long wait, the Department of Homeland Security named its first cybersecurity czar Monday. DHS Secretary Michael Chertoff released a statement appointing information security policy expert Gregory Garcia as assistant secretary for cyber security and telecommunications. Garcia most recently worked for the Information Technology Association of America, serving as the industry group's vice president for information security policy and programs. His main responsibility now is to help the nation prevent catastrophic cyberattacks.

Worm spreads via AOL IM
FaceTime Security Labs is warning of a new worm that uses AOL Instant Messenger to spread. The apparent goal of Win32.Pipeline is to hijack machines that could be used in a botnet. Pipeline delivers a malicious file that's advertised as a JPEG image, and calls out to host computers that install rootkits and Trojan horse programs on the affected machine. Attackers could then use the hijacked machines to send out spam, commit various kinds of fraud and launch distributed denial-of-service attacks. Like many IM worms, FaceTime said in a statement, Pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message "hey would it okay if i upload this picture of you to my blog?" downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user's system32 folder, part of the Windows operating system.
