Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs.

    Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.

    After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.

    We detect the downloaded files as the following:

    • TSPY_ONLINEG.EJH
    • TSPY_ONLINEG.EJG
    • TSPY_ONLINEG.HAV
    • TSPY_ONLINEG.ADR

    The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.

    The Trend Micro Smart Protection Network provides protection to users at a desktop level, with all related malicious domains blocked, and files detected. However, this recently discovered flaw remains unpatched by Microsoft.

    The SANS Internet Storm Center (ISC) also has additional information posted on this issue in their Daily Incident Handler’s blog.

    This threat bears strong resemblance to a couple of attacks we’ve seen this year, which were primarily targeting Chinese gamers:

    Update as of 11 December 2008, 12:00 AM PST:

    Trend Micro Researchers have found another sample of the said malware that downloads the file explorer.exe, which is now detected as RTKT_BUREY.C.

    Update as of 12 December 2008, 4:00 AM PST:

    Microsoft updated their Security Advisory initially published December 10. The update confirms that this zero-day vulnerability not only affects Internet Explorer 7 (IE7), but also all version of Internet Explorer.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice