Council on Foreign Relations hacked due to zero-day flaw

  • Posted on: January 2, 2013
  • Posted in: Cybercrime, Privacy & Policy
  • Posted by: Trend Micro

Those accessing the Council on Foreign Relations website via Internet Explorer received an unpleasant surprise in their proverbial stocking this holiday season. The CFR's website was infected with a Trojan that exploited a previously unknown, zero-day flaw in older versions of the web browser, setting users up for a drive-by download infection.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said in a security advisory posted on its website. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

The malware in question affected users running versions 6 through 8 of Internet Explorer, while people who use versions 9 and 10 sidestepped the threat. PCWorld reported that a temporary fix has been made available until a proper patch is issued in the coming days. The vulnerability stems from corrupted browser memory and allows attackers to execute their own code on the user's computer.

Danger at the 'watering hole'

One security company classified the incident as a "watering hole" attack, in which victims are profiled and lured to malware-riddled websites through elaborate social engineering. As in a spear-phishing attack, the computers of these specific people are singled out for infection.

In the case of CFR, the weapon of choice was Bifrose, a backdoor virus that allows attackers to steal files from a computer.

With the attack on the CFR website, NBC News said dozens of the group's members were likely targets for state-sponsored thieves. Journalists such as Tom Brokaw and Fareed Zakaria sit on the board, as does former Treasury Secretary and Goldman Sachs head Robert Rubin.

"Former secretaries of state Henry Kissinger, George Shultz and James Baker are reportedly lifetime members, as are current Secretary of State Hillary Clinton and her husband, former President Bill Clinton, as well as Hillary Clinton's possible replacement Sen. John Kerry," according to NBC.

Microsoft advised those who cannot upgrade to a newer version of Internet Explorer or apply a patch to set the intranet security zone settings to "high" before running Active Scripting and to install the Enhanced Mitigation Experience Toolkit. However, simple data security solutions are still among the best, as diligently updated browsers would have been immune from attack.

Security News from SimplySecurity.com by Trend Micro.
