Nine more websites have fallen victim to a sophisticated cyber attack targeting a zero-day vulnerability in Microsoft's Internet Explorer 8 (IE8).
AlienVault reported uncovering at least another nine hijacked legitimate websites being used by hackers to spread espionage-focused malware.
"We have found that the US Department of Labor website wasn't the only entity affected and we can confirm that at least nine other websites were redirecting to the malicious server at the same time," wrote AlienVault's Jaime Blasco.
"The list of affected sites includes several non-profit groups and institutes as well as a big European company that plays on the aerospace, defence and security markets."
The attack was originally discovered by AlienVault on 1 May, targeting a vulnerability in IE8. Microsoft confirmed that it is aware of the issue and is working on a patch to plug the vulnerability.
"We released Security Advisory 2847140 to alert customers to a vulnerability affecting Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected," said Microsoft Trustworthy Computing group manager Dustin Childs.
"We strongly encourage customers to follow the workarounds listed in the advisory while we continue working on a full update to address this issue."
The malware is similar to one used in a previous cyber assault believed to stem from China, and lets hackers steal useful information such as which security programmes are installed on the infected computer, as well as which Java and Flash versions are being used.
"We do not know if China is responsible but the techniques, the exploit code and the usage of that piece of malware matches what CrowdStrike reported a few months ago and was linked to Chinese actors," Blasco told V3.
Researchers have warned that even with the promised patch, it is likely that hackers will continue to target the vulnerability. Security expert Brian Krebs cited the exploit's appearance in the free penetration testing tool Metasploit as proof that it is only a matter of time before it appears in automated exploit kits like Blackhole.
Krebs wrote: "A new module that exploits this IE8 bug is now available for the Metasploit Framework, a free penetration testing tool. I would expect this exploit or some version of it will soon be rolled into commercial exploit kits that are sold in the cybercrime underground (assuming this has not already happened)."
The attack is one of many believed to have stemmed from Chinese hackers. Most recently Verizon reported that 96 percent of the known espionage attacks targeting its networks stemmed from China.
Worse still, the US Department of Defense said in its Military and Security Developments Involving the People's Republic of China 2013 report to Congress on Monday that the methods used in the attacks are becoming more sophisticated.