IE zero-day exploit linked to Java 7 attackers

Researchers believe a new zero-day vulnerability, affecting Internet Explorer (IE) 9 and earlier versions, was exploited by the Nitro cyber gang.

Microsoft has already released a security advisory to alert users to the bug, and said it would issue a temporary patch, which will be available for download within the next few days.

The Nitro cyber criminals, who have targeted companies in the chemical industry to steal intellectual property, were also linked to the threat that caused Oracle to release an emergency patch for Java 7 vulnerabilities in late August.

Eric Romang, a Metasploit contributor and researcher, announced the news of the exploit on Sunday in his personal blog.

“I can confirm, the zero-day season is really not over yet,” Romang wrote. “Less than three weeks after the discovery of the Java SE 7 zero-day, also known as CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild.”

In the attacks, a version of the backdoor trojan Poison Ivy can infect users' machines if they view compromised websites. Poison Ivy is a remote access trojan (RAT) often distributed as a kit, which allows attackers to remotely control compromised systems. Its capabilities include key-logging, screen-capturing and remote file browsing.

An alert from the United States Computer Emergency Readiness Team said attackers install the malicious code by “convincing a user to view a crafted HTML document [like a] web page or an HTML email message or attachment.”

The malware can allow remote perpetrators to launch denial-of-service attacks or gain unauthorized access to the system or files of victims, according to the alert.

In an email to SCMagazine.com on Tuesday, Liam O Murchu, manager of operations at Symantec Security Response, said researchers at the firm had also confirmed the zero-day vulnerability affecting IE 7, 8 and 9.

“At this stage, there is no patch available to fix the issue, so users need to be extra vigilant,” Murchu said. “The most effective way to protect themselves until an update is released is to ensure that they have security software installed and up-to-date.”

Yunsun Wee, director of Microsoft Trustworthy Computing, said in the Microsoft advisory posted Monday that IE 10 was not affected by the vulnerability.

“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Wee said.

Until the update is released, IE users are directed to download the Enhanced Mitigation Experience Toolkit (EMET) version 3.0 to prevent exploitation of the vulnerability without affecting website access. Users were also encouraged to set internet and local intranet security zone settings to “high.”
