IE 9 and 10 Zero-Day Attack Targeting U.S. Veterans
Those who have upgraded to the latest version of Microsoft's Web browser (Internet Explorer 11) are not at risk of attack.
Microsoft confirmed on Thursday that an Adobe Flash vulnerability in Internet Explorer 9 and 10 is currently being used in attacks that have been targeting U.S. military veterans who visit the Veterans of Foreign Wars (VFW) Web site.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," said Microsoft in an e-mailed statement. "As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection."
Security firm FireEye first discovered that a zero-day exploit was being used to target U.S. veterans and said the attack coincided with this week's snowstorm that left many federal workers (including some government IT employees) unable to get to work.
FireEye said that attackers first compromised the VFW Web site and inserted an iframe at the beginning of the site's HTML code that automatically opens the attackers' harmful Web site in the background. After the site is opened, a harmful Flash object is run that exploits the Internet Explorer vulnerability (at first believed to affect only IE 10).
The exploit then allows attackers to install malicious code on a targeted computer.
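For site owners, the injected iframe described above is something a routine check of served pages can flag. The sketch below is an added example, not code from FireEye, Microsoft or the VFW site: it lists iframes that load from hosts outside the site's own origin and an allowlist, and records whether each appears before `<body>`. All host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAudit(HTMLParser):
    """Record <iframe> tags whose src points off-site, with their position."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.site_host = site_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.seen_body = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.seen_body = True
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and stay on the site's own origin.
        if not host or host == self.site_host or host in self.allowed:
            return
        line, _ = self.getpos()
        # An iframe ahead of <body> sits where page templates rarely put one.
        self.findings.append(
            {"line": line, "host": host, "before_body": not self.seen_body}
        )


def audit_page(html, site_host, allowed_hosts=()):
    """Return off-site iframe findings for one fetched page."""
    parser = IframeAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one iframe prepended to the document, one expected embed.
SAMPLE = """<iframe src="http://injected.example.net/landing"></iframe>
<!DOCTYPE html>
<html><head><title>Home</title></head>
<body>
<iframe src="https://video.example.org/embed/1"></iframe>
<iframe src="/local/widget.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE, "www.example.com", ["video.example.org"]):
        print(f)
```

Run against pages as they are actually served, and compare findings between runs so that a newly appearing host stands out.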
Speaking to Computerworld, Darien Kindlund, manager of threat intelligence at FireEye, said the group behind the VFW attack is a well-known group that typically operates by locating and exploiting new 0-day attacks instead of modifying known attack vectors like many hacking groups do.
"Once this operation subsides, they'll probably restart again," said Kindlund. "It still seems they're achieving mission success based on the slight tweaks they've done to their attack methodology."
While Microsoft has not said whether an out-of-band patch is coming for the IE flaw, the best way to avoid being attacked with this exploit is to upgrade to the latest version of Microsoft's Web browser, Internet Explorer 11. Also, execution of the exploit will be cancelled for those running Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Further, a Microsoft security advisory should be on its way with workarounds detailed until a permanent fix is available.
Even though there have yet to be additional active attacks seen using this exploit, look for it to be leveraged more in the future due to the possibly large number of attack targets. According to Web analytics reporting firm Net Applications, 31.2 percent of all active Internet Explorer users are using either IE 9 or 10.