IE Zero-Day Exploit Disappears On Reboot
nk497 writes "Criminals are taking advantage of unpatched holes in Internet Explorer to launch 'diskless' attacks on PCs visiting malicious sites. Security company FireEye uncovered the zero-day flaw on at least one breached U.S. site, describing the exploit as a 'classic drive-by download attack'. But FireEye also noted the malware doesn't write to disk and disappears on reboot — provided it hasn't already taken over your PC — making it trickier to detect, though easier to purge. '[This is] a technique not typically used by advanced persistent threat (APT) actors,' the company said. 'This technique will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods.'"
APT is the new buzzword in IT security, like Web 2.0 for web developers or Cloud for the server guys. APT means bad guys of moderate sophistication all the way to government agencies, so everyone but script kiddies running standard exploit kits.
Disappears on reboot is a limitation, not a feature. If you get root you could always remove the payload; if it disappears on its own then it is likely a limitation of the specific sandbox bypass method. If I had to guess, the zero-day is related to the ElevationPolicy fix for CVE-2013-3186.
Don't forget that now that is harder to do, thanks to the infinite wisdom of Microsoft!!
In Windows 8 (and 8.1), when you "shutdown" Windows, you are really just hibernating the PC, not doing the XP shutdown... When it starts again, it will load the previous state into memory and the malware is still there (and bugs, and crashes, and trash running, etc, etc)
To really "shut down" Windows, you need to "reboot" it (or press the power button!!)
The real solution is to use linux :)
Higuita
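As an added example (not part of the thread above and not Higuita's code), here is a PowerShell check a defender could run on Windows 8 or later to see whether Fast Startup (the hybrid shutdown the comment describes) is enabled, and to turn it off so that a shutdown really discards the kernel session. It reads the `HiberbootEnabled` value under the Session Manager\Power key; the function names and the output strings are this example's own.

```powershell
# Added example, not from the original thread: audit Windows 8+ "Fast Startup"
# (hybrid shutdown). When enabled, a Start-menu "Shut down" hibernates the kernel
# session, so memory-resident code can survive what looks like a power-off.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$name = 'HiberbootEnabled'

function Get-FastStartupState {
    # Returns 'enabled', 'disabled', or 'unknown' if the value is absent.
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) { return 'unknown' }
    if ($value -eq 1)     { return 'enabled' }
    return 'disabled'
}

function Disable-FastStartup {
    # Requires an elevated prompt; setting the DWORD to 0 makes the UI
    # shutdown a full shutdown again.
    Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
}

$state = Get-FastStartupState
Write-Output "Fast Startup (hybrid shutdown): $state"
if ($state -eq 'enabled') {
    Write-Output 'A UI shutdown keeps the kernel session; use a restart or a full shutdown instead.'
}

# Command-line shutdown that is always a full shutdown, regardless of the setting:
#   shutdown /s /t 0
# A restart always cold-boots the kernel session:
#   shutdown /r /t 0
# For comparison, the hybrid form the Start menu uses is: shutdown /hybrid /s /t 0
```

Run `Disable-FastStartup` only from an elevated prompt; the audit function itself needs no special rights. When triaging a box suspected of carrying memory-only malware, a restart (or `shutdown /s /t 0`) is the reliable way to get the cold boot the comment is after, and `powercfg /hibernate off` removes the hibernation file entirely if Fast Startup is not wanted at all.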