Latest IE 0-day still unpatched, attacks exploiting it go back three months
Posted on 30 September 2013.
While Microsoft is yet to issue a patch for the latest Internet Explorer zero-day (CVE-2013-3893), reports are coming in that the flaw has been exploited more widely and for a longer time than initially believed.


Microsoft acknowledged the existence of the vulnerability and its active exploitation earlier this month, and has issued a Fix it tool to mitigate the danger until a patch can be released.

Since then, FireEye researchers have tied the attacks to the Chinese hacking group that hit Bit9 earlier this year, and have shared that the campaign ("Operation DeputyDog") was aimed at Japanese organizations and started on August 19 at the latest.

Then, on Thursday, researchers from both AlienVault and Websense released their findings regarding the exploit used.

Researcher Jaime Blasco says that they have spotted it being hosted on a subdomain of Taiwan's Government e-Procurement System, and discovered that users visiting the main page for the first time would be instantly redirected to the exploit page and served a malicious file.

But not all visitors were targeted - just those whose Windows XP or Windows 7 systems were running in English, Chinese, French, German, Japanese, Russian, Korean, or Portuguese, and who used Internet Explorer 8 or 9.

Alex Watson confirmed the Taiwan connection.

"Our ThreatSeeker Intelligence Cloud reported a potential victim organization in Taiwan attempting to communicate with the associated malicious command and control server as far back as July 1, 2013. These C&C communications predate the widely-reported first use of this attack infrastructure by more than six weeks, and indicates that the attacks from this threat actor are not just limited to Japan," he shared.

"Websense Threat Intelligence indicates that the threat actor's attacks were not limited only to Japan as previously reported. The use of separate IP addresses, domain registrations, and permutations to dropper locations indicates a high degree of segmentation between attacks and different teams using the same tool sets, exploits and C&C infrastructure," he added.









Copyright 1998-2014 by Help Net Security.