Dec10 |
2:20 pm (UTC-7) | by
JM Hipolito (Technical Communications) |
Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs.
Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.
After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.
We detect the downloaded files as the following:
- TSPY_ONLINEG.EJH
- TSPY_ONLINEG.EJG
- TSPY_ONLINEG.HAV
- TSPY_ONLINEG.ADR
The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.
The Trend Micro Smart Protection Network provides protection to users at a desktop level, with all related malicious domains blocked, and files detected. However, this recently discovered flaw remains unpatched by Microsoft.
The SANS Internet Storm Center (ISC) also has additional information posted on this issue in their Daily Incident Handler’s blog.
This threat bears strong resemblance to a couple of attacks we’ve seen this year, which were primarily targeting Chinese gamers:
- A Very Convoluted Chinese Gaming-Info-Stealing Campaign
- Targeted Attack Against Chinese Gamers in New Zero-Day Exploit
Update as of 11 December 2008, 12:00 AM PST:
Trend Micro Researchers have found another sample of the said malware that downloads the file explorer.exe, which is now detected as RTKT_BUREY.C.
Update as of 12 December 2008, 4:00 AM PST:
Microsoft updated their Security Advisory initially published December 10. The update confirms that this zero-day vulnerability not only affects Internet Explorer 7 (IE7), but also all version of Internet Explorer.
Share this article |
 |
        |
Pingback: ABANDONA INTERNET EXPLORER | tonorama
Pingback: No utilizar Internet Explorer durante un tiempo. « - SyLmaX -
Pingback: Microsoft: Big Security Hole in All IE Versions | MCI Cabinetry and Furniture Inc.
Pingback: IE7 Users Cautioned! | Pinoy Gaming Network: Game Reviews and Technology News for Filipino Gamers and Enthusiasts
Pingback: Grave vulnerabilidad en algunas versiones de Microsoft Explorer « Que no! Que no me da la gana de tener un blog
Pingback: Si usas Internet Explorer, abandónalo - al menos una temporada » El Blog de Enrique Dans
Pingback: Serious security flaw found in IE 7 use alternative - Life Burner
Pingback: Security Alert Issued for Internet Explorer Zero-Day Flaw | Community Site News
Pingback: Jean Ghalo — Where It All Begins :: Microsoft IE Big Security Hole
Pingback: Zero Day mobile edition