Unpatched IE7 Flaw Exploited
usrbingeek | Dec 11, 2008 | 0 comments
A newly discovered zero-day vulnerability which is an unpatched exploit in Microsoft Internet Explorer is being targeted by malware authors and script kiddies, reports Trend Micro.
Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.
After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.
After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.
The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.
Unpatched exploits like this are still common with Internet Explorer and it’s why we recommend users avoid using the web browser. While Firefox is far from perfect, Mozilla Corporation is much more responsive to security exploits and release security patches in a much more timely manner.
[Zero-Day IE7 Flaw Being Actively Exploited]
Filed Under: Tech News
