Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs.

    Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.

    After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.

    We detect the downloaded files as the following:


    The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.

    The Trend Micro Smart Protection Network provides protection to users at a desktop level, with all related malicious domains blocked, and files detected. However, this recently discovered flaw remains unpatched by Microsoft.

    The SANS Internet Storm Center (ISC) also has additional information posted on this issue in their Daily Incident Handler’s blog.

    This threat bears strong resemblance to a couple of attacks we’ve seen this year, which were primarily targeting Chinese gamers:

    Update as of 11 December 2008, 12:00 AM PST:

    Trend Micro Researchers have found another sample of the said malware that downloads the file explorer.exe, which is now detected as RTKT_BUREY.C.

    Update as of 12 December 2008, 4:00 AM PST:

    Microsoft updated their Security Advisory initially published December 10. The update confirms that this zero-day vulnerability not only affects Internet Explorer 7 (IE7), but also all version of Internet Explorer.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice