We’ve just received reports of several sites using the new IE zero-day exploit in conjunction with a Web Attacker kit. Previously, Web Attacker kits were more commonly used with known browser vulnerabilities, many of which were already patched by Microsoft. However, now that its being used with the new IE 0-day, alot more users may be vulnerable to this sort of attack.
For those people who have never heard of Web attacker kits, it gained quite a bit of media attention earlier this year. It’s basically a user-friendly, do-it-yourself type of hacking kit. That particular kit was made available to the public via a russian-based website for a sinfully low price ranging from 15 to 20 US Dollars. Any script kiddie could easily purchase the kit off the internet and infect computers using the code provided with the kit. Then after that, all that’s left to be done is spam messages containing the link to the compromised website.
This just serves as another heads up. We’re still trying to get more information on this. Hopefully more will be available soon. Stay tuned for updates!