New Attacks Against Internet Explorer

Look in this specific forum for newly found security threats which may not yet be covered by your usual security software

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

New Attacks Against Internet Explorer

Postby TeMerc » Mon Jul 06, 2009 9:05 am

Monday July 6, 2009 at 2:39 am CST
Posted by Haowei Ren, Geok Meng Ong

If you have read Geok Meng and Xiaobo’s blog published in December last year, this would almost seem like a movie sequel. Over the July 4th weekend, an exploit targeting a 0-day vulnerability in the Microsoft Microsoft DirectShow ActiveX object was widely discovered on many Chinese websites.

At the time of research, over a hundred hijacked sites were found to be injected with malicious links that are still actively hosting this trojan. Many of these sites are what you and I would not consider to be “malicious” or “dodgy”. For example, some of them are school websites or the local community club’s website that had been hijacked or infected.

During research, one of the things we found interesting was the web exploit toolkit explicitly checks that the origin of the hyperlinked references do not come from the “.gov.cn” and “.edu.cn” domains, which are used by Chinese government and education sites. If the references are not coming from any of these domains, it starts sending a cocktail of exploits:
    Exploit-MSDirectShow.b (0-day)
    Exploit-XMLhttp.d
    Exploit-RealPlay.a
    JS/Exploit-BBar
    Exploit-MS06-014

0-= Continued @ McAfee Avert Labs Blog
Image

mwdisector
Security Researcher
Security Researcher
Posts: 6
Joined: Mon Dec 29, 2008 9:45 am
experience: I know the functions, OS settings, registry tweaks and more
PC time: More than 4 hours a day
Contact:

Re: New Attacks Against Internet Explorer

Postby mwdisector » Tue Jul 07, 2009 4:04 pm

SANS has a page tracking all the sites that are exploiting this vulnerability. Check it out here:
http://isc.sans.org/diary.html?storyid=6739

--mwdisector

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: New Attacks Against Internet Explorer

Postby TeMerc » Tue Jul 07, 2009 4:13 pm

mwdisector wrote:SANS has a page tracking all the sites that are exploiting this vulnerability. Check it out here:
http://isc.sans.org/diary.html?storyid=6739

--mwdisector
Thanks!
Image


Return to “EMERGING SECURITY THREATS!”

Who is online

Users browsing this forum: No registered users and 1 guest