Ramblings of an old Doc


The time has come to upgrade to IE9 or 10 for all Windows users. A zero day attack started on a specific group of government workers:

"The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," Invincea researchers wrote in a separate report published Wednesday.

They were infected while cruising a Dep’t of Labor website which deals with illnesses observed in nuclear workers. This kind of attack, which plants the infection on a webpage its targets are known to visit, is called a “watering hole” attack because the website specifically serves the targeted users.

Originally the vulnerability surfaced on IE8 Windows XP computers. The attack starts with a “redirect” browser hijack to intermediary sites, which then exploit the zero day vulnerability to deliver a variant of the “Poison Ivy” backdoor Trojan.

There are experts who are convinced that IE8 on Windows Vista and Windows 7 makes those systems vulnerable as well, but that is unconfirmed.

If you can’t move on from IE8, MS has issued these instructions:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
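The two settings above live in the registry keys behind IE's zone dialog, so they can be applied and audited without clicking through every machine. The script below is an added example, not part of the original post or of Microsoft's advisory; the domain name it adds to the Trusted Sites zone is a constructed placeholder, and the zone numbers, action IDs and values are the documented IE ones (zone 1 = Local intranet, 3 = Internet, 2 = Trusted sites; action 1200 = ActiveX controls, 1400 = Active scripting; 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example: apply the Microsoft IE8 workaround per-user via the registry.
# If Security_HKLM_only is set under the HKLM twin of this key (typical when
# Group Policy manages zones), the HKCU values are ignored and HKLM must be used.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Set-IEZoneHardening {
    param(
        [int[]]$Zones = @(1, 3),                                   # intranet + Internet
        [ValidateSet('Disable', 'Prompt')][string]$ScriptMode = 'Disable'
    )
    $scriptValue = if ($ScriptMode -eq 'Disable') { 3 } else { 1 }
    foreach ($z in $Zones) {
        $key = Join-Path $base "Zones\$z"
        # 0x12000 is the "High" slider position; the per-action values below are
        # what actually gate ActiveX and scripting, so set both.
        Set-ItemProperty -Path $key -Name 'CurrentLevel' -Value 0x12000 -Type DWord
        Set-ItemProperty -Path $key -Name '1200' -Value 3 -Type DWord           # ActiveX: Disable
        Set-ItemProperty -Path $key -Name '1400' -Value $scriptValue -Type DWord # Active scripting
    }
}

function Add-IETrustedSite {
    # A key named after the registrable domain trusts every host under it;
    # IE stores host-specific entries as Domains\<domain>\<host> instead.
    param([Parameter(Mandatory)][string]$Domain, [string]$Scheme = 'https')
    $key = Join-Path $base "ZoneMap\Domains\$Domain"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Scheme -Value 2 -Type DWord               # 2 = Trusted sites
}

function Get-IEZoneAudit {
    # Read back the effective values so the change can be verified on each machine.
    foreach ($z in 1, 3) {
        $p = Get-ItemProperty -Path (Join-Path $base "Zones\$z")
        [pscustomobject]@{
            Zone      = $z
            Level     = ('0x{0:X}' -f $p.CurrentLevel)
            ActiveX   = $p.'1200'
            Scripting = $p.'1400'
        }
    }
}

Set-IEZoneHardening -ScriptMode 'Disable'
Add-IETrustedSite -Domain 'intranet-app.example'   # constructed placeholder domain
Get-IEZoneAudit | Format-Table -AutoSize
```

Run it as the affected user (or point `$base` at the HKLM key for a machine-wide setting), then confirm the audit shows Level 0x12000 with ActiveX 3 and Scripting 3 or 1 for both zones.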

This attack was carried out by “DeepPanda”, a group of hackers believed to be in China.

Source:

http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/

Comments
on May 05, 2013

The validity of this was confirmed by Microsoft today.

http://www.neowin.net/news/microsoft-confirms-exploit-in-internet-explorer-8

on May 05, 2013

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

All good and well in theory only.

Quite a bit of medical apps require IE8 (no higher) and setting intranet and trusted sites to LOW. Try to get a medical app vendor to update THEIR software. HA!! Not likely at all.

on May 05, 2013

Phoon, I absolutely agree. Perhaps the MS confirmation of the Poison Ivy variant's ability to enable remote code execution should worry them.

After all, HIPAA doesn't smile upon medical info being put in a vulnerable position. Maybe that fact might "alter" their mindset...especially in light of the fines involved.

Worse: Along with those records, personal info such as social security numbers might be leaked.

on May 05, 2013

Thanks for the heads-up Doc

on May 06, 2013

IE8? I read somewhere some UK gov site requires IE 6 and no higher... or some such

on May 06, 2013

Updating to IE9 might be viable if it actually worked for XP. Fortunately, I quit using IE8 for Firefox a long time ago.