Dec10
2:20 pm (UTC-7)   |   by JM Hipolito (Technical Communications)

Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs.

Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.

After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.

We detect the downloaded files as the following:

  • TSPY_ONLINEG.EJH
  • TSPY_ONLINEG.EJG
  • TSPY_ONLINEG.HAV
  • TSPY_ONLINEG.ADR

The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.

The Trend Micro Smart Protection Network provides protection to users at a desktop level, with all related malicious domains blocked, and files detected. However, this recently discovered flaw remains unpatched by Microsoft.

The SANS Internet Storm Center (ISC) also has additional information posted on this issue in their Daily Incident Handler’s blog.

This threat bears strong resemblance to a couple of attacks we’ve seen this year, which were primarily targeting Chinese gamers:

Update as of 11 December 2008, 12:00 AM PST:

Trend Micro Researchers have found another sample of the said malware that downloads the file explorer.exe, which is now detected as RTKT_BUREY.C.

Update as of 12 December 2008, 4:00 AM PST:

Microsoft updated their Security Advisory initially published December 10. The update confirms that this zero-day vulnerability not only affects Internet Explorer 7 (IE7), but also all version of Internet Explorer.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Wednesday, December 10th, 2008 at 2:20 pm and is filed under Malicious Sites, Malware, Vulnerabilities . You can leave a response, or trackback from your own site.



18 Responses to “Zero-Day IE Flaw Being Actively Exploited”

Trackbacks

  1. Zero Day mobile edition
  2. Rich_at_Dell (Richard Bernier)
  3. Jean Ghalo — Where It All Begins :: Microsoft IE Big Security Hole
  4. Security Alert Issued for Internet Explorer Zero-Day Flaw | Community Site News
  5. Serious security flaw found in IE 7 use alternative - Life Burner
  6. Si usas Internet Explorer, abandónalo - al menos una temporada » El Blog de Enrique Dans
  7. Grave vulnerabilidad en algunas versiones de Microsoft Explorer « Que no! Que no me da la gana de tener un blog
  8. Twitter_Tips (Tips, Tools, Status)
  9. CreativeWisdom (Leah Dossey)
  10. techstud (Jason C. )
  11. paulawhite (Paula White )
  12. MassRon (MassRon)
  13. Divapalooza (Angela Stevens)
  14. DaveSinkula (DaveSinkula)
  15. IE7 Users Cautioned! | Pinoy Gaming Network: Game Reviews and Technology News for Filipino Gamers and Enthusiasts
  16. Microsoft: Big Security Hole in All IE Versions | MCI Cabinetry and Furniture Inc.
  17. No utilizar Internet Explorer durante un tiempo. « - SyLmaX -
  18. ABANDONA INTERNET EXPLORER | tonorama

Leave a Reply


Security in Recession
December Patch Tuesday Summary


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice