A PREVIOUSLY UNDISCOVERED security vulnerability in Microsoft's Internet Explorer (IE) web browser has led to a series of attacks targeting American military personnel.
Security researchers at Fireeye identified the vulnerability upon discovering a zero-day exploit hosted on a breached website based in the US. The exploit, known as CVE-2014-0322, is being served from the US Veterans of Foreign Wars' (VFW) website, Fireeye claimed.
"It's a brand new zero day that targets IE 10 users visiting the compromised website - a classic drive-by download attack," the firm said. "Upon successful exploitation, this zero-day attack will download [an] XOR encoded payload from a remote server, decode and execute it."
Fireeye, which said it is collaborating with Microsoft Security to tackle the flaw, believes the attack is a "strategic web compromise" targeting American military personnel amid a paralysing snowstorm in Washington, DC leading up to the US Presidents Day holiday weekend.
"Based on the overlaps and tradecraft similarities, it is believed that the actors behind the campaigns are associated with two previously identified campaigns, Operation Deputy Dog and Operation Ephemeral Hydra, which had previously targeted a number of different industries," a Fireeye spokesperson said.
These industries included US government entities, Japanese firms, defence industry companies, law firms, IT companies and mining companies as well as non-governmental organisations (NGOs).
Explaining how the hackers were able to compromise the VFW website, Fireeye said the attackers added an iframe into the beginning of the website's HTML code that loaded the attacker's webpage in the background.
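A defender-side check for the injection pattern described above, as an added example that is not from Fireeye or the original article: it parses a page and flags off-site iframes that appear before `<body>` or are sized or styled to be invisible. The host names, the sample page and the "hidden" heuristics are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (reserved example domains, not real indicators).
SAMPLE = """<iframe src="http://injected.example/index.html" width="0" height="0"></iframe>
<!DOCTYPE html>
<html><head><title>Home</title></head>
<body>
<iframe src="/media/player.html" width="560" height="315"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
</body></html>"""

class IframeAudit(HTMLParser):
    """Record every iframe and whether it appears before the <body> tag."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.seen_body = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.seen_body = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no host and are treated as same-site.
        off_site = bool(host) and host != self.site_host
        style = a.get("style", "").replace(" ", "").lower()
        # Assumed heuristics for a frame meant to load "in the background".
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        line, _ = self.getpos()
        self.findings.append({"line": line, "src": a.get("src", ""),
                              "off_site": off_site, "hidden": hidden,
                              "before_body": not self.seen_body})

def suspect_iframes(html, site_host):
    """Return off-site iframes that sit before <body> or are hidden."""
    audit = IframeAudit(site_host)
    audit.feed(html)
    audit.close()
    return [f for f in audit.findings
            if f["off_site"] and (f["before_body"] or f["hidden"])]

if __name__ == "__main__":
    for f in suspect_iframes(SAMPLE, "example.org"):
        print(f"line {f['line']}: {f['src']} (hidden={f['hidden']})")
```

Run against periodic snapshots of a site's rendered pages, a check like this surfaces frames that were not part of the published template; legitimate third-party embeds inside the body are left alone unless they are hidden.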
The exploit targets IE 10 users with Adobe Flash and it aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft's Enhanced Mitigation Experience Toolkit (EMET), Fireeye advised. This means that users can avoid the threat by installing EMET or updating IE to version 11, both of which prevent the exploit from functioning.
Microsoft reiterated Fireeye's advice. A spokesperson told The INQUIRER, "Microsoft is aware of limited, targeted attacks against Internet Explorer. As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection."
Or you could just avoid the Microsoft browser altogether and run an alternative like Google Chrome or Mozilla Firefox. µ