New Internet Explorer bug found in the wild

Share this article:

Attackers recently leveraged a zero-day vulnerability in Internet Explorer (IE) as part of a targeted email campaign that tried to trick users into following a link to a legitimate website infected with malware, researchers at Symantec said Wednesday.

The vulnerability, revealed in an advisory by Microsoft, affects all supported versions of IE. Jerry Bryant, group manager of response communications at Microsoft's Trustworthy Computing Group, said Wednesday that the software giant is not aware of any affected customers.

An exploit that tried to take advantage of the flaw showed up on a credible website but since has been removed, Bryant said in a blog post. He did not name the victim site.

Symantec researcher Vikram Thakur said in a blog post that several days ago, engineers learned that a "select group of individuals" were targeted through fraudulent emails seeking to confirm hotel room reservations.

The body of the messages contained a link, which pointed to the page of a legitimate website that contained a script designed to learn which browser and operating system versions the victims were running. If they were using IE 6 and 7, the script automatically directed them to a drive-by download page. Otherwise, it took them to a blank page.

"Visitors who were served the exploit page didn't realize it but went on to download and run a piece of malware on their computer without any interaction at all," Thakur wrote. "The vulnerability allowed for any remote program to be executed without the end user's notice."

Symantec researchers discovered that despite many employees being targeted globally, few victims actually accessed the malware file, which means most were using a browser other than IE 6 or 7.

Thakur also did not name the compromised site but said it was taken down a short time after Symantec notified Microsoft of the threat.

The Microsoft advisory contains a workaround that IT administrators are recommended to follow.

In addition, IE 8, the latest version, contains Data Execution Prevention safeguards, which likely will protect users from an exploit.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.