Microsoft issues advisory on Internet Explorer drive-by attack

Microsoft is warning customers of a new zero-day vulnerability in Internet Explorer being actively targeted by attackers using drive-by attacks.

A memory allocation error, present in Internet Explorer 6, 7, and 8 could enable an attacker to execute code and gain access to a victim's machine. An attack website was discovered targeting the IE flaw in drive-by attacks. Internet Explorer 9 Beta is not affected by the issue, Microsoft said.

"The exploit code was discovered on a single website that is no longer hosting the malicious code," said Jerry Bryant, group manager of response communications in the Microsoft Trustworthy Computing Group.

In a blog entry, Bryant said engineers were working on an automated "fix-it" repair until a permanent patch could be released. Currently, the issue "does not meet the criteria for an out-of-band release," Bryant said.

Drive-by attacks have become an increasingly common method of attack. Users are often lured to visit a malicious website in an email message, an instant message or through poisoned search engine results. Often times legitimate websites are compromised to host attack code. Blogs, social networks and Web forums can also be used to host drive-by attacks.

The Microsoft Security Advisory outlined a number of workarounds to mitigate the threat posed by the vulnerability, which include reading email messages in plain text, applying a customer cascading style sheet as an override when reading html data, enabling data execution prevention (DEP) in IE 7 and deploying the Enhanced Mitigation Experience Toolkit. (EMET).

Microsoft said the vulnerability could be targeted by attackers using drive-by attack websites or by compromising websites that accept or host user-provided content, such as blogs and social networks. In addition, website display advertisements can be compromised to trigger an exploit that targets the flaw.

"In all cases, however, an attacker would have no way to force users to visit these websites," Microsoft said. "Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or in an instant messenger message that takes users to the attacker's website."

A successful attack could give cybercriminals complete control of a victim's machine and the ability to download additional malware or attempt to gain access to the network.

View the original article here

Microsoft issues advisory on Internet Explorer drive-by attack

Microsoft is warning customers of a new zero-day vulnerability in Internet Explorer being actively targeted by attackers using drive-by attacks.

A memory allocation error, present in Internet Explorer 6, 7, and 8 could enable an attacker to execute code and gain access to a victim's machine. An attack website was discovered targeting the IE flaw in drive-by attacks. Internet Explorer 9 Beta is not affected by the issue, Microsoft said.

"The exploit code was discovered on a single website that is no longer hosting the malicious code," said Jerry Bryant, group manager of response communications in the Microsoft Trustworthy Computing Group.

In a blog entry, Bryant said engineers were working on an automated "fix-it" repair until a permanent patch could be released. Currently, the issue "does not meet the criteria for an out-of-band release," Bryant said.

Drive-by attacks have become an increasingly common method of attack. Users are often lured to visit a malicious website in an email message, an instant message or through poisoned search engine results. Often times legitimate websites are compromised to host attack code. Blogs, social networks and Web forums can also be used to host drive-by attacks.

The Microsoft Security Advisory outlined a number of workarounds to mitigate the threat posed by the vulnerability, which include reading email messages in plain text, applying a customer cascading style sheet as an override when reading html data, enabling data execution prevention (DEP) in IE 7 and deploying the Enhanced Mitigation Experience Toolkit. (EMET).

Microsoft said the vulnerability could be targeted by attackers using drive-by attack websites or by compromising websites that accept or host user-provided content, such as blogs and social networks. In addition, website display advertisements can be compromised to trigger an exploit that targets the flaw.

"In all cases, however, an attacker would have no way to force users to visit these websites," Microsoft said. "Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or in an instant messenger message that takes users to the attacker's website."

A successful attack could give cybercriminals complete control of a victim's machine and the ability to download additional malware or attempt to gain access to the network.

View the original article here

Rogue antivirus spoofs Firefox, Google attack warning pages

» VIEW ALL POSTS Oct 20 2010   2:03PM GMT

Posted by: Robert Westervelt
Rogue Antivirus, Phishing, malicious URLs, malware

Spoofed warning page includes a download link attempting to trick users with a phony browser update.

Security researchers at F-Secure and Websense have discovered cybercriminals pitching rogue antivirus software using a spoofed version of attack warning pages used in Firefox and Google Chrome designed to block users from visiting malicious websites.

The phony attack page includes a download link that purports to be a browser update, but instead downloads rogue antivirus software, according to F-Secure.

According to F-Secure:

If your scripts are enabled, you don’t even need to click on the “Download Updates!” button. It will just offer the rogue AV to you.

It then refuses to let the user cancel the download.

In addition, Websense researchers found an iFrame that installs the Phoenix exploit kit from a different domain. Phoenix is used by cybercriminals pimping rogue AV to harvest data on infected machines and dupe the end user into buying the antivirus software. The kit consists of nine exploits for browser vulnerabilities, Java flaws, Flash errors and Adobe Reader bugs.

             

View the original article here

Rogue antivirus spoofs Firefox, Google attack warning pages

» VIEW ALL POSTS Oct 20 2010   2:03PM GMT

Posted by: Robert Westervelt
Rogue Antivirus, Phishing, malicious URLs, malware

Spoofed warning page includes a download link attempting to trick users with a phony browser update.

Security researchers at F-Secure and Websense have discovered cybercriminals pitching rogue antivirus software using a spoofed version of attack warning pages used in Firefox and Google Chrome designed to block users from visiting malicious websites.

The phony attack page includes a download link that purports to be a browser update, but instead downloads rogue antivirus software, according to F-Secure.

According to F-Secure:

If your scripts are enabled, you don’t even need to click on the “Download Updates!” button. It will just offer the rogue AV to you.

It then refuses to let the user cancel the download.

In addition, Websense researchers found an iFrame that installs the Phoenix exploit kit from a different domain. Phoenix is used by cybercriminals pimping rogue AV to harvest data on infected machines and dupe the end user into buying the antivirus software. The kit consists of nine exploits for browser vulnerabilities, Java flaws, Flash errors and Adobe Reader bugs.

             

View the original article here