
Symantec tracks down gang behind latest Microsoft zero-day exploit

Traces Internet Explorer vulnerability back to Elderwood group
Fri Jan 04 2013, 12:15

SECURITY FIRM Symantec reckons that it has tracked down the people behind the recently discovered Internet Explorer zero-day vulnerability.

The firm says that the zero-day exploit appears to have been discovered by the Elderwood group and is a continuation of its Elderwood project, a name given to attacks and exploits based on the same infrastructure components.

The exploit is used in what is called a watering hole attack, a technique in which attackers compromise a website that people with a specific interest are known to visit, so that those visitors are infected when they browse to it.

The vulnerability has a less snappy but more precise name courtesy of Microsoft: the Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability (CVE-2012-4792).

Symantec informs us that this is a zero-day vulnerability affecting Internet Explorer 8, Internet Explorer 7 and Internet Explorer 6, and adds in a PDF about the group that the Elderwood project appears to have "a high level of technical capability."

The security firm is confident in saying that the group is behind this discovered exploit because of a number of commonalities that it has discovered in the SWF files used. It warned that the group might continue to devise sophisticated exploits over the course of the year.

"All the samples we identified include a function named HeapSpary. HeapSpary is a clear mistyping of Heap Spray, a common attack step used in vulnerability exploitation. In addition to this commonality, there are many other symbols in common between the files," Symantec said.
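The shared-symbol observation above is the kind of indicator a defender can check for when triaging Flash files. The following is an added example, not Symantec's tooling or code from the article: it reads a SWF container (uncompressed FWS or zlib-compressed CWS), inflates the body and reports whether the mistyped symbol name quoted above is present. The sample SWF it builds is a constructed fixture, and the helper names are the example's own.

```python
import zlib

# Indicator quoted from Symantec's analysis: the mistyped function name
# found in the exploit SWF files. Extend this list with your own symbols.
INDICATORS = [b"HeapSpary"]


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed tag body of a SWF (FWS or zlib CWS)."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig = data[:3]
    declared_len = int.from_bytes(data[4:8], "little")  # total uncompressed size
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":
        body = zlib.decompress(data[8:])
        if len(body) + 8 != declared_len:
            raise ValueError("declared length does not match inflated size")
        return body
    # LZMA-compressed 'ZWS' files are deliberately not handled here.
    raise ValueError("unsupported signature %r" % sig)


def find_indicators(data: bytes) -> list:
    """Return the indicator strings that occur in the inflated SWF body."""
    body = swf_body(data)
    return [i.decode() for i in INDICATORS if i in body]


def make_sample_swf(symbol: bytes, compress: bool = True) -> bytes:
    """Constructed fixture: a minimal SWF container carrying one symbol name."""
    # Frame-size rect, frame rate and frame count, then the symbol, then End tag.
    body = b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00\x00\x0c\x01\x00" + symbol + b"\x00\x00"
    length = (len(body) + 8).to_bytes(4, "little")
    if compress:
        return b"CWS" + bytes([8]) + length + zlib.compress(body)
    return b"FWS" + bytes([8]) + length + body


if __name__ == "__main__":
    print(find_indicators(make_sample_swf(b"HeapSpary")))   # ['HeapSpary']
    print(find_indicators(make_sample_swf(b"HeapSpray")))   # []
```

A real triage run would call find_indicators on each file's bytes; a hit is a lead for analysis, not proof of attribution on its own.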

"It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year."
