Nov 4 | 3:35 am (UTC-7) | by Jonathan Leopando (Technical Communications)

Microsoft recently released a security advisory for a vulnerability in Internet Explorer (IE) that allows remote code execution. According to the report, the vulnerability, which affects IE 6, 7, and 8, is caused by an invalid flag reference within the browser and was initially found on a single site, which has since been taken offline.
Our researchers acquired a sample of the exploit for this vulnerability and have analyzed the threat. We detect the main page that delivered the exploit as HTML_BADEY.A. This page downloads a backdoor detected as BKDR_BADEY.A. This backdoor, in turn, downloads various encrypted files that, when decrypted, contain the commands that the backdoor will perform.
Further attacks exploiting this vulnerability are likely. We have seen a new hacking tool, HKTL_ELECOM, that allows cybercriminals to generate pages containing the JavaScript code that exploits this vulnerability. This makes exploiting the vulnerability easier, which means that attacks that target it will probably become more commonplace.
It is not clear when this vulnerability will be patched, but until then, users can take some steps to protect themselves. The beta version of IE 9 is not affected by this vulnerability, so users can upgrade to this version as a protective measure. Other mitigating steps are mentioned in the advisory, though these will cause most, if not all, sites to load improperly.
The mitigating steps involve forcing the use of a user-specified CSS style sheet (which breaks site formatting) and disabling scripting (which disables many site features). Users can also check that Data Execution Prevention (DEP) is enabled, which will help reduce the potential effects of any exploit. Instructions for these mitigation steps are found in the Microsoft security advisory.
Trend Micro users are well protected against this threat, as the malware used in this attack is already detected. We also suggest downloading Browser Guard, a free IE add-on that protects against vulnerability exploits, including this one.