Slashdot Mirror


New IE Zero-Day Being Exploited In the Wild

wiredmikey writes "A new zero-day vulnerability affecting Internet Explorer is being exploited in the wild affecting IE 9 and earlier. The vulnerability, if exploited, would allow full remote code execution and enable an attacker to take over an affected system. Security researcher Eric Romang discovered the vulnerability and exploit over the weekend while monitoring some infected servers said to be used by the alleged Nitro gang. To run the attack, a file named 'exploit.html' is the entry point of the attack ... According to analysis by VUPEN, the exploit takes advantage of a 'use-after-free vulnerability' that affects the mshtml.dll component of Internet Explorer. Rapid7 on Monday released an exploit module for Metasploit which will let security teams and attackers alike test systems."

9 of 134 comments

  1. I/E 9 at risk by minstrelmike · · Score: 4, Funny

    I'm shocked. Shocked I tell you.

    1. Re:I/E 9 at risk by localman57 · · Score: 4, Funny

      Also, I think they should modify all future browsers to use extra caution when opening a file called "exploit.html". In retrospect, it seems so obvious...

    2. Re:I/E 9 at risk by girlintraining · · Score: 5, Insightful

      I'm shocked. Shocked I tell you.

      Almost every major browser in use has had a vulnerability. Those that haven't are vulnerable because of commonly-used plugins. It's not just IE9, it's browsers in general... it's the repeated and systemic perversion and added complexity of trying to turn the web into the end-all and be-all of the internet. When it was created, the uses for it were not as complicated as they are now.

      It's the complexity of the web that is its vulnerability -- I honestly don't think there's a way to write a truly-secure web browser because everything from the protocols up have been shoehorned into things they were never designed to do. The entire thing needs to be jettisoned -- html, css, xml, http, ssl, everything. We need to start over from scratch, and build a new set of protocols and specifications, not just continually band-aid over existing ones. And this time, security needs to be a design consideration from the start, not evolved in.

      Anyone with an understanding of information systems' security will tell you -- security needs to be built in from the start or it doesn't matter how much effort you put in later, you're going to be chasing down problems forever. Start with a secure and vetted design and it's a lot more likely to perform. Of course, real security would mean that governments, corporations, and other interested parties wouldn't be able to snoop on what you're doing -- anything sent in the clear can be screwed with. Oh... and it wouldn't be as convenient as it is today; You'd have to think about what you were doing, instead of blithering about and when you get "hacked" blaming everyone but yourself.

      Real security would mean no more excuses... from anyone. That's why you won't exactly be seeing a parade down main street anytime soon congratulating people on making computers more secure; Responsibility? Not on MY internet!

      --
      #fuckbeta #iamslashdot #dicemustdie
  2. Day Zero by puddingebola · · Score: 3, Funny

    Been saying for years that if we'd just get rid of day zero on the calendar that so many security concerns could be solved, but instead we get yet another vulnerability. How did this happen on day 260?

  3. Getting fed up by gravyface · · Score: 4, Interesting

    of shoddy browser security. Could this not be "solved" with proper sandboxing? If there's legacy code to support (this has been cited many times in the past for reasons why), please, please fork IE into two branches: IE Classic or whatever that's fully backwards compatible, and an IE Lite that's completely sandboxed and locked down for wide-spread corporate deployment.

    --
    body massage!
  4. Re:Question: by thetoadwarrior · · Score: 5, Informative

    IE 9 isn't on XP.

  5. exploit yes, virus no by planckscale · · Score: 5, Informative

    This exploit has been targeting chem and defense companies. The thing about these exploits is that they typically are just a method to drop the actual payload which is usually a virus or trojan. In this case it looks like the payload is Poison Ivy, which was added to NOD32 AV defs back in 2008. Yes, the attacker could compromise the machine and get admin shell, but the majority of the time they’re installing a keylogger or other virus which NOD32 will catch.

    From TFA:

    First, a file named “exploit.html” appears to be the entry point of the attack, which loads “Moh2010.swf”, an encrypted Flash file that it decompresses in memory.

    According to AlienVault's Jaime Blasco, the payload dropped is Poison Ivy, as was the case with the previous Java zero-day. Poison Ivy is a remote administration tool (RAT) that was used in the Nitro attacks that targeted chemical and defense companies. Interestingly, after exploitation, the attack loads “Protect.html”, a file that checks to see if the Web site is listed in the Flash Storage settings, and if it is, the Web browser will no longer be exploited despite additional visits to the malicious site.

    --
    Namaste
  6. Re:Does this include IE9-64? by WD · · Score: 4, Informative

    Yes, IE9-64 is affected by the vulnerability. Whether exploits in the wild will succeed against it is another question...

  7. Internet Explorer is still a thing? by Trogre · · Score: 4, Funny

    Isn't IE that tool people use to download Firefox?

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife