A couple back-to-back Java vulnerabilities hit the cyber waves a few weeks back. The cyber criminal gang that exploited those vulnerabilities seems to have developed a new zero-day attack. This time the attack has Internet Explorer in its crosshairs.
Security researchers are reporting there is a new zero-day vulnerability affecting Internet Explorer — IE 7 and 8 on Windows XP, and IE 9 on Windows Vista and Windows 7 — that allows scumbags to remotely install malware on infected computers. The exploit on Windows XP is using Flash as the delivery mechanism, so anyone on Windows XP running Internet Explorer 7 or 8 with Flash installed is vulnerable. Do take note the bug appears to be Internet Explorer 7 and 8, not Flash, but uninstalling Flash should still protect you. The exploit on Windows Vista and Windows 7 affects users of Internet Explorer 9 that have Java 6 or Microsoft Visual C runtime library installed (this presumably affects Internet Explorer 7 and 8 on Windows Vista/Win7 also, although there is no confirmation on that). As with Windows XP, the vulnerability appears to be with Internet Explorer 9 on Vista and Win7 and not Java or Visual C runtime library, but uninstalling them should keep you safe.
Anyone visiting an infected website with Internet Explore 7/8/9 — and meeting the conditions mentioned above — can have their PC exploited; however, reports say currently in-the-wild attacks are only aimed at Windows XP users. These in-the-wild attacks are currently installing the Poison Ivy backdoor trojan. To make matters worse, as ArsTechnica points out, major anti-virus and anti-malware vendors have not yet started to detect the infected files (because they are new) so your anti-virus or security program likely won’t protect you, yet.
Yunsun Wee of Microsoft Trustworthy Computing has released a statement acknowledging Microsoft knows about “targeted attacks” that may affect “some versions of Internet Explorer”. Wee mentions Microsoft has confirmed Internet Explorer 10 is not affected and are investigating the other versions of IE. Wee also suggests users install Microsoft’s Enhanced Mitigation Experience Toolkit which is “designed to help prevent hackers from gaining access to your system”.
The best way to currently protect yourself is to obviously not use Internet Explorer. If you can, install a different browser such as Firefox or Chrome or Opera for the time being and only go back to Internet Explorer once this has been patched. (Better yet, never go back to Internet Explorer…) However, as HD Moore, CSO of security firm Rapid7, points out, some programs and tool use an embedded version of Internet Explorer for web browsing functionality so even if you don’t directly use Internet Explorer, you may still be vulnerable. Stay clear of such programs and tools until this is patched, if possible.
dotTech will be sure to let you know once these vulnerabilities have been fixed.