IE Users Targeted In New Zero-Day Exploit

Microsoft is trying to resolve a zero-day exploit that enabled hackers to target Windows users, the company disclosed over the weekend. The loophole only concerns users of IE 6, 7 and 8, and was apparently used to target individuals who visited the Council on Foreign Relations’ website, which harbored the malware.

AlienVault security pro Jaime Blasco says that the malicious code taps into memory that should have been properly freed by IE, and uses it as a beach head to hijack the user’s PC. The malware also leverages Adobe Flash Player, but a second zero-day exploit has not yet been identified by experts.

AlienVault, said Blasco, had begun looking into the “watering hole” attacks stemming from the CFR website at the beginning of the week, and had alerted the Microsoft Security Response Center (MSRC) that it suspected IE harbored a zero-day vulnerability.

In a watering hole campaign, hackers identify their intended targets, even to the individual level, then scout out which websites they frequently visit. Attackers next compromise one or more of those sites, plant malware on them, and like a lion waits at a watering hole for unwary wildebeests, wait for unsuspecting users to surf there.

You can find a more full explanation in this blog post by Microsoft’s Jonathan Ness and Cristian Craioveanu. The piece provide all the technical details as well as a library that offers as temporary until Microsoft rolls out a more complete patch.

SiliconAngle analyst John Cassaretto believes Cybersecurity needs to become a much bigger priority in 2013, especially for the public sectors.  He shared his views on some of the progress that the government has made in this field and offered his predictions for 2013 in one of his most recent appearances on our morning NewsDesk program.  See Cassaretto’s full analysis here.