Security Bytes: Zero-day attack targets IE

News Analysis

Security Bytes: Zero-day attack targets IE

SearchSecurity.com Staff

Zero-day attack targets IE
Researchers at Sunbelt Software warned Monday that they've detected a new zero-day attack against Internet Explorer (IE). The attacks are originating from a series of pornographic Web sites based in Russia, with the goal of dropping malicious code onto Windows machines to make them part of botnets. The attacks are targeting a buffer overflow caused by how IE handles VML (Vector Markup Language) code, Eric Sites, Sunbelt's vice president of research and development, said in the company's blog. Sites said Microsoft has been informed of Sunbelt's findings, and that the exploit can be mitigated by turning off javascripting.

DHS names new cybersecurity chief
After a year-long wait, the Department of Homeland Security named its first cybersecurity czar Monday. DHS Secretary Michael Chertoff released a statement appointing information security policy expert Gregory Garcia as assistant secretary for cyber security and telecommunications. Garcia most recently worked for the Information Technology Association of America, serving as the industry group's vice president for information security policy and programs. His main responsibility now is to help the nation prevent catastrophic cyberattacks.

Worm spreads via AOL IM
FaceTime Security Labs is warning of a new worm that uses AOL Instant Messenger to spread. The apparent goal of Win32.Pipeline is to hijack machines that could be used in a botnet. Pipeline delivers a malicious file that's advertised as a JPEG image, and calls out to host computers that install rootkits and Trojans horse programs on the affected machine. Attackers could then use the hijacked machines to send out spam, commit a variety of fraud and cause distributed denial-of-service attacks. Like many IM worms, FaceTime said in a statement, Pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message "hey would it okay if i upload this picture of you to my blog?" downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user's system32 folder, part of the Windows operating system.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy