Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Explorer 0-day Attacks On US Nuke Workers Hit 9 Other Sites

Posted by timothy on from the now-this-gives-pause dept.

SternisheFan writes with an excerpt from Ars Technica: "Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said. The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8. ... 'The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium,' CrowdStrike said. 'Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector.'"

2 of 157 comments (clear)

  1. Wow by colinrichardday · · Score: 0, Troll

    Lousy programming from Microsoft, who could have known?

  2. Thanks for the help, Microsoft! by bobdehnhardt · · Score: -1, Troll

    From the article:

    Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks, so anyone who can upgrade to one of the latest two versions should do so immediately or switch to a different browser. For anyone who absolutely can not move away from IE 8, company researchers recommend the following precautions:

    Helpfully, Microsoft has pulled that advisory. Going to http://technet.microsoft.com/en-us/security/advisory/2847140 gets you a 404 error message now.

    Thanks, Microsoft!