Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Zero-Day Vulnerability

    Microsoft recently released a security advisory for a vulnerability in Internet Explorer (IE) that allows remote code execution. According to the report, the vulnerability, which affects IE 6, 7, and 8, is caused by an invalid flag reference within the browser and was initially found on a single site, which has since been taken offline.

    Our researchers were able to acquire a sample of the exploit for the said vulnerability and have analyzed the threat. We detect the main page that delivered the exploit as HTML_BADEY.A. This page downloads a backdoor detected as BKDR_BADEY.A. This backdoor, in turn, downloads various encrypted files that when decrypted contain the commands that the backdoor will perform.

    Further attacks exploiting this attack are likely. We have seen a new hacking tool, HKTL_ELECOM that allows cybercriminals to generate pages that contain the JavaScript code, which exploits this vulnerability. This makes exploiting the vulnerability easier, which means that attacks that target it will probably become more commonplace.

    It is not clear when this vulnerability will be patched but until then, users can take some steps to protect themselves. The beta version of IE 9 is not affected by this vulnerability so users can upgrade to this version to protect themselves against this vulnerability. Other mitigating steps are mentioned in the advisory though these will cause most, if not all, sites to improperly load.

    The mitigating steps force the use of a user-specified CSS sheet (breaking site formatting) and disabling scripting (disabling many site features). Users can also check that Data Execution Prevention (DEP) is enabled, which will help reduce the potential effects of any exploit. Instructions for these mitigation steps are found in the Microsoft security advisory.

    Trend Micro users are well protected against this threat, as the malware used in this attack are already detected. We also suggest downloading Browser Guard, an IE add-on that protects against vulnerability exploits, including this one for free.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice