Zero day attack hits the web
Researchers have spotted a first exploit for an "extremely critical" vulnerability in Microsoft's Internet Explorer.
Visitors of the infected website will automatically be infected with a new variant of the Spybot worm. The malware opens a backdoor on the system and attempts to lower the security settings, effectively turning infected systems into zombie computers.
Of the major anti virus vendors, McAfee said that had updated its anti-virus signature files to detect and remove the new Spybot variant. Symantec as of press time didn't list the worm. Trend Micro said that it's working on an update and would release a signature for the pest later on Friday afternoon (Pacific Time).
Monty IJzerman, manager of security with McAfee, content said that he expects Microsoft to release a patch soon. Secunia notified Microsoft about the threat on 13 February, he noted. "Microsoft has had some time to research this issue," IJzerman said.
The vulnerability is caused by an error in the way that the browser processes the 'createTextRange' method call on a radio button. Users can prevent infection by disabling Active Scripting in their browser settings (instructions can be found here).
Microsoft confirmed the bug on Wednesday in a blog posting and on Thursday issued a security advisory. At the time of the publication of the advisory, Microsoft said it wasn't aware of attacks using the vulnerability.
The detection of the pest caused the SANS Internet Storm Center to raise its Infocon threat level to yellow, representing the second step on a four step scale. It indicates that researchers are tracking a significant new threat but that its impact is as of yet unknown. Users are advised to take immediate specific action.
The way that the vulnerability can be exploited is similar to the Windows .wmf vulnerability that emerged last January. Back then, attackers posted infected images on websites that allowed them to execute arbitrary code on Windows systems.
McAfee's IJzerman said that he believes that the 'createTextRange' vulnerability will be harder to exploit. "The .wmf vulnerability was a feature in the Windows code that worked on any version of the Windows operating system. With the 'createTextRange' all versions are vulnerable, but exploits won't work on all versions of the operating system."
Although it requires advanced programming skills, he expected that knowledgable worm authors will be able to create a universal exploit that first determines the operating system's version and then deploys a specific patch.
Researchers have spotted a first exploit for an "extremely critical" vulnerability in Microsoft's Internet Explorer.
Visitors of the infected website will automatically be infected with a new variant of the Spybot worm. The malware opens a backdoor on the system and attempts to lower the security settings, effectively turning infected systems into zombie computers.
Of the major anti virus vendors, McAfee said that had updated its anti-virus signature files to detect and remove the new Spybot variant. Symantec as of press time didn't list the worm. Trend Micro said that it's working on an update and would release a signature for the pest later on Friday afternoon (Pacific Time).
Monty IJzerman, manager of security with McAfee, content said that he expects Microsoft to release a patch soon. Secunia notified Microsoft about the threat on 13 February, he noted. "Microsoft has had some time to research this issue," IJzerman said.
The vulnerability is caused by an error in the way that the browser processes the 'createTextRange' method call on a radio button. Users can prevent infection by disabling Active Scripting in their browser settings (instructions can be found here).
Microsoft confirmed the bug on Wednesday in a blog posting and on Thursday issued a security advisory. At the time of the publication of the advisory, Microsoft said it wasn't aware of attacks using the vulnerability.
The detection of the pest caused the SANS Internet Storm Center to raise its Infocon threat level to yellow, representing the second step on a four step scale. It indicates that researchers are tracking a significant new threat but that its impact is as of yet unknown. Users are advised to take immediate specific action.
The way that the vulnerability can be exploited is similar to the Windows .wmf vulnerability that emerged last January. Back then, attackers posted infected images on websites that allowed them to execute arbitrary code on Windows systems.
McAfee's IJzerman said that he believes that the 'createTextRange' vulnerability will be harder to exploit. "The .wmf vulnerability was a feature in the Windows code that worked on any version of the Windows operating system. With the 'createTextRange' all versions are vulnerable, but exploits won't work on all versions of the operating system."
Although it requires advanced programming skills, he expected that knowledgable worm authors will be able to create a universal exploit that first determines the operating system's version and then deploys a specific patch.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: