December 9th, 2008

Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks

Posted by Ryan Naraine @ 10:42 am


Malicious hackers are exploiting a zero-day flaw in Microsoft’s Internet Explorer browser to launch a new wave of drive-by downloads, according to a warning from security researchers.

The Web attacks, first reported by Bob McMillan, take aim at users running IE 7 on Windows XP SP2 and include the use of a Trojan downloader that commandeers Windows machines for nefarious purposes. They come on the same day Microsoft will ship critical patches for a wide range of vulnerabilities, including some affecting Internet Explorer.

I have confirmed the exploits have been rigged into hacked Chinese-language Web sites. According to this blog post (Google translation), there is public proof-of-concept code that suggests the attacks may become more widespread.

[ GALLERY: How to configure Internet Explorer to run securely ]

McMillan reports:

The code exploits a bug in the way IE handles XML (Extensible Markup Language) and works on the browser about “one in three times,” Huang said in an instant message interview. For the attack to work, a victim must first visit a Web site that serves the malicious JavaScript code that takes advantage of the flaw.

In attacks, the code drops a malicious program on the victim’s PC which then goes to download malicious software from various locations.

[ SEE: Coming on Patch Tuesday: 8 bulletins, 6 critical ]

A spokesman for Microsoft said the company is investigating the issue and offered this statement:

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

To minimize risk to computer users, Microsoft continues to encourage responsible disclosure.  By reporting vulnerabilities directly to a vendor, it helps ensure that customers receive comprehensive, high-quality updates while reducing the risk of attack.

Later today, Microsoft plans to ship a “critical” IE update to fix code execution holes in the world’s most widely used Web browser.  However, that patch will not provide cover for this latest vulnerability.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


  • Most Recent of 36 Talkback(s)
RE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks
In my experience UAC defeats itself. Within 1/2 a day of using Vista, finding out how to turn the damn thing off was No.1 on my agenda.
And I read recently it is still being cited as the No.1 thing ... (Read the rest)
Posted by: paul_bruford@... Posted on: 12/16/08 (Edited: 12/16/08 @ 04:37)