
IE 0-day exploit targets nuclear weapons researchers



nsane.forums

"Watering hole" attack targets workers browsing federal government website.


Attackers exploited a previously unknown and currently unpatched security bug in Microsoft's Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday.

The attack code appears to have exploited a zero-day vulnerability in IE version 8 when running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don't appear to be vulnerable. The blog post didn't mention the status of IE 9 or 10.

The attack was triggered by a US Department of Labor website that was compromised to redirect visitors through a series of intermediary addresses that ultimately exploited the vulnerability, according to Invincea. The exploit caused vulnerable Windows machines to be infected with "Poison Ivy," a notorious backdoor trojan that had been modified so that only two of 46 major antivirus programs detected it in the hours immediately following the attack. The specific webpages that were hacked dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy, the blog post said, citing a report from NextGov. That's consistent with so-called "watering hole" attacks, in which attackers plant malware on sites that employees of a targeted organization are known to frequent, and wait for those employees to visit.

"The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," Invincea researchers wrote in a separate report published Wednesday. The report went on to cite a technical analysis from security firm AlienVault. It found indicators in the command servers Poison Ivy contacted that the attack was carried out by "DeepPanda," a group of hackers believed to be located in China and to carry out espionage attacks on other countries.

Initial reports about the Department of Labor website compromise said an older IE vulnerability that Microsoft patched in January had been exploited. It was only in Friday's report that Invincea said this assessment is incorrect.

"For non-Invincea users, there are no known mitigations for this exploit that is currently in the wild," Friday's report warned. "For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high."

When asked for comment, Microsoft released a statement that said: "Microsoft is investigating new public claims of a possible vulnerability affecting Internet Explorer 8." The company encouraged customers to follow its published security guidelines.

Until Microsoft has weighed in with an official advisory, readers are advised to use Google Chrome, Mozilla Firefox, or another non-IE browser, or at the very least to use versions 9 or 10 of the Microsoft browser.

View: Original Article


Update: In an advisory published a couple of hours after this article went live, Microsoft confirmed a code-execution vulnerability in IE8. Versions 6, 7, 9, and 10 of the browser are not affected by the vulnerability. People using IE8 should upgrade to versions 9 or 10, if at all possible. Those who are unable to move away from version 8 should apply the following mitigations:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

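The two workarounds in the update, as an added example (this is not code from the article, from Invincea, or from Microsoft's advisory): a PowerShell script that applies them for the current user through the registry keys Internet Explorer reads for its security zones, then reads the keys back to verify. The zone IDs (1 = Local intranet, 2 = Trusted sites, 3 = Internet), the per-action value names (1400 = Active Scripting, 1200 = Run ActiveX controls and plug-ins), the action codes (0 = Enable, 1 = Prompt, 3 = Disable) and the High level constant (0x12000) are the standard Internet Settings\Zones conventions and are assumed here, not stated on the page; the trusted-site hostnames are placeholders.

```powershell
# Added example: apply and verify the interim IE8 zone mitigations (per user, HKCU).
# Assumptions (not from the page): standard Zones key layout and value names below.
$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneMapKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$Intranet = 1; $Trusted = 2; $Internet = 3          # zone IDs
$ActiveScripting = '1400'; $RunActiveX = '1200'     # per-action value names
$Enable = 0; $Prompt = 1; $Disable = 3              # action codes
$LevelHigh = 0x12000                                # "High" slider position

# Sites that must keep scripting: constructed placeholders, replace with your own.
$TrustedSites = @('intranet.example.gov', 'portal.example.gov')

function Set-ZoneHardening {
    param([int]$Zone, [int]$ScriptAction = $Disable)
    $key = Join-Path $ZonesKey $Zone
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # IE enforces the individual 1xxx action values; CurrentLevel only records the
    # slider position shown in the UI, so both are written.
    Set-ItemProperty -Path $key -Name 'CurrentLevel'   -Value $LevelHigh    -Type DWord
    Set-ItemProperty -Path $key -Name $ActiveScripting -Value $ScriptAction -Type DWord
    Set-ItemProperty -Path $key -Name $RunActiveX      -Value $Disable      -Type DWord
}

function Add-TrustedSite {
    param([string]$HostName)
    $key = Join-Path $ZoneMapKey $HostName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Map only the https:// scheme to Trusted sites so a plain-http page on the
    # same host (or a man-in-the-middle on it) does not inherit the exemption.
    Set-ItemProperty -Path $key -Name 'https' -Value $Trusted -Type DWord
}

function Test-ZoneHardening {
    param([int]$Zone)
    $p = Get-ItemProperty -Path (Join-Path $ZonesKey $Zone)
    $script = $p.$ActiveScripting
    New-Object PSObject -Property @{
        Zone           = $Zone
        LevelIsHigh    = ($p.CurrentLevel -eq $LevelHigh)
        ScriptBlocked  = (($script -eq $Disable) -or ($script -eq $Prompt))
        ActiveXBlocked = ($p.$RunActiveX -eq $Disable)
    }
}

# Apply: Internet and Local intranet zones to High with Active Scripting disabled.
# Use -ScriptAction $Prompt for the "prompt before running" variant from the advisory.
Set-ZoneHardening -Zone $Internet
Set-ZoneHardening -Zone $Intranet
$TrustedSites | ForEach-Object { Add-TrustedSite -HostName $_ }

# Verify; any $false here means that mitigation is not actually in place.
$Internet, $Intranet | ForEach-Object { Test-ZoneHardening -Zone $_ } |
    Format-Table Zone, LevelIsHigh, ScriptBlocked, ActiveXBlocked -AutoSize
```

Run it in the context of the user whose IE profile is being hardened and re-open the browser afterwards. If Group Policy manages the zones (machine-wide settings under HKLM or the Policies hive), those override these HKCU values and the verification step will report $false until the policy is changed instead. Be selective with the trusted list: the watering hole in this case was a legitimate federal site, so exempting every internal or government domain wholesale would hand the exemption to exactly the kind of page that carried the exploit.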


lctb51, 32 minutes ago

This is exactly why gov'ts, businesses, home users, NEED to upgrade from XP to either Windows 7 or 8. Windows XP is 12 years old for heaven's sake!

This quote came from the Neowin site... I purely agree with it!
