The Inquirer-Home

Hackers exploit Internet Explorer 10 zero-day bug in targeted attacks on military

Update to IE 11 to dodge the risk of attack - or just use Chrome
Fri Feb 14 2014, 11:23

A PREVIOUSLY UNDISCOVERED security vulnerability in Microsoft's Internet Explorer (IE) web browser has led to a series of attacks targeting American military personnel.

Security researchers at Fireeye identified the vulnerability upon discovering a zero-day exploit hosted on a breached website based in the US. The exploit, known as CVE-2014-0322, is being served from the US Veterans of Foreign Wars' (VFW) website, Fireeye claimed.

"It's a brand new zero day that targets IE 10 users visiting the compromised website - a classic drive-by download attack," the firm said. "Upon successful exploitation, this zero-day attack will download [an] XOR encoded payload from a remote server, decode and execute it."

Fireeye, which said it is collaborating with Microsoft Security to tackle the flaw, believes the attack is a "strategic web compromise" targeting American military personnel amid a paralysing snowstorm in Washington, DC leading up to the US Presidents Day holiday weekend.

"Based on the overlaps and tradecraft similarities, it is believed that the actors behind the campaigns are associated with two previously identified campaigns, Operation Deputy Dog and Operation Ephemeral Hydra, which had previously targeted a number of different industries," a Fireeye spokesperson said.

These industries included US government entities, Japanese firms, defence industry companies, law firms, IT companies and mining companies as well as non-governmental organisations (NGOs).

Explaining how the hackers were able to compromise the VFW website, Fireeye said the attackers added an iframe into the beginning of the website's HTML code that loaded the attacker's webpage in the background.

"The attacker's HTML/Javascript page runs a Flash object, which orchestrates the remainder of the exploit," Fireeye explained in a blog post. "The exploit includes calling back to the IE 10 vulnerability trigger, which is embedded in the Javascript. Specifically, visitors to the VFW website were silently redirected through an iframe to the exploit."
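A site owner can check served pages for the kind of tampering described above. The following is an added example, not code from Fireeye or from this article: it flags iframes that point off-site, sit ahead of `<body>`, or are hidden. The allowlist, the sample HTML, the host names and the hidden-frame heuristic are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts this site legitimately embeds in iframes.
ALLOWED_HOSTS = {"player.example-video.test"}
# Constructed sample: an iframe prepended ahead of the real document.
SAMPLE = (
    '<iframe src="http://injected.invalid/x.html" width="0" height="0"></iframe>\n'
    "<html><head><title>Home</title></head>\n"
    '<body><iframe src="https://player.example-video.test/v/1"></iframe>\n'
    '<iframe src="/local/map.html"></iframe></body></html>\n'
)

class IframeAuditor(HTMLParser):
    """Record iframes that are off-site, hidden, or placed before <body>."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.seen_body = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.seen_body = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs have no hostname, so they count as the site itself.
        host = urlparse(a.get("src", "")).hostname or self.site_host
        reasons = []
        if host != self.site_host and host not in ALLOWED_HOSTS:
            reasons.append("off-site host " + host)
        if not self.seen_body:
            reasons.append("placed before <body>")
        style = a.get("style", "").replace(" ", "").lower()
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden or zero-size")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def audit_page(html, site_host):
    """Return [(line, src, reasons)] for iframes that need review."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    return auditor.findings
if __name__ == "__main__":
    for line, src, reasons in audit_page(SAMPLE, "www.example.org"):
        print(f"line {line}: {src}: {', '.join(reasons)}")
```

Run against the HTML as delivered to browsers rather than the template source, since injected markup may only exist in the served copy.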

The exploit targets IE 10 users with Adobe Flash and it aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft's Enhanced Mitigation Experience Toolkit (EMET), Fireeye advised. This means that users can avoid the threat by installing EMET or updating IE to version 11, both of which prevent the exploit from functioning.

Microsoft reiterated Fireeye's advice. A spokesperson told The INQUIRER, "Microsoft is aware of limited, targeted attacks against Internet Explorer. As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection."

Or you could just avoid the Microsoft browser altogether and run an alternative like Google Chrome or Mozilla Firefox. µ

 
