Attacks appear imminent as IE exploit is improved

The attack, first released on Friday, is made more reliable

Robert McMillan (IDG News Service)
26 November, 2009 08:36
Comments

Hackers working on the open-source Metasploit project have spiffed up a zero-day attack on Microsoft's Internet Explorer, making it more reliable -- and more likely to be used by criminals.

Security experts have been worried about the flaw since it was first disclosed on the Bugtraq mailing list Friday. But the original demonstration code was unreliable and has not been used in real-world attacks.

"The Metasploit exploit that was released last night will be more reliable against certain attacks than the initial exploit," said Ben Greenbaum, senior research manager with Symantec, in an interview Wednesday.

As of Wednesday morning, Symantec had not seen the exploit used in Internet-based attacks, but security experts say this type of code is for a very popular hacking technique called a drive-by attack. Victims are tricked into visiting Web sites that contain malicious code where they are then infected via the browser vulnerability. Criminals also place this type of code on hacked Web sites in order to spread their attacks.

On Monday, Microsoft published a Security Advisory on the flaw, offering some workarounds for the issue. It affects IE version 6 and version 7.

Microsoft's latest IE 8 browser is not affected by the bug, which has to do with the way that IE retrieves certain Cascading Style Sheet (CSS) objects, used to create a standardized layout on Web pages.

Concerned IE users can upgrade their browser or disable JavaScript in order to avoid an attack.

To improve the exploit, the Metasploit team used a technique borrowed from two well-known security researchers, Greenbaum said. "The initial exploit used heap-spraying technology," he said.

"It's kind of like a shotgun attack, where you try a lot of things at once and hope one of them catches."

The latest attack uses a .net dlll memory technique developed by Alexander Sotirov and Marc Dowd.

"This will be much more reliable than the heap-spraying technology," he added. "There's really no question about it."

Come socialise with us! Facebook | LinkedIn

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Microsoft, Symantec

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Les escarpins louboutin pas cher apportent les femmes coupled with d'elegance et ..."

Conroy to receive secret filter forum report
"How would the source and need graph appear like? I'm a minimal ..."

Telstra announces HTC One XL
"This article touches on some of the points of cloud security. Seems ..."

Tech Watch: Who watches the datacentre?
"You really make it seem so easy with your presentation but I ..."

Preview: HTC One S
"I would assume being more exposed to the outside elements during a ..."

Facebook scammers host Trojan horse extensions on the Chrome Web Store

Tags: exploits and vulnerabilities, internet explorer, Microsoft

ARN Directory | Distributors relevant to this article

Anyware Corporation , Aquion , ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , Lynx Technologies , NewLease , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.

ARN Directory | Vendors relevant to this article

Symantec

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

FTSAP Basis ConsultantNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSales Account ManagerNSW
FTSAP Basis ConsultantACT
FTChange Management ProfessionalsNSW
FTSales Account ManagerNSW
CCOBIEE ConsultantWA
CCSAP PM ConsultantNSW
FTQM Trainer and ConsultantNSW
CCSAP FICO ConsultantNT
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

AVG (AU/NZ) Pty Ltd

AVG Wants You!

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Premier Media Group Fast Study

A Fast Study is a succinct, easy to read Case Study. Spectra Logic aims to provide an overview of how to obtain the right solution for data archive, backup and recovery.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management