Hackers wield newest IE exploit in drive-by attacks
French, German governments urge users to dump IE until Microsoft produces patch
Computerworld - Hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network, a security company said Monday.
That news came on the heels of warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser, such as Firefox, Chrome, Safari or Opera, until Microsoft fixes the flaw.
In a Monday alert Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites. The site Websense cited in its warned has since been yanked from its hosting server.
According to Websense, the attack code it spotted is the same as the exploit that went public last week. That code was quickly turned into an exploit module for Metasploit, the open-source penetration testing framework, by HD Moore, the creator of Metasploit and chief security officer for security company Rapid7.
Websense also said its researchers were working with Microsoft's to identify sites serving up the exploit.
On Sunday, however, Microsoft continued to downplay the threat. In a post to the Microsoft Security Research Center (MSRC) blog, George Stathakopoulos, general manager of the Trustworthy Computing Security group, repeated earlier claims by the company that it had only seen a "very limited number of targeted attacks against a small subset of corporations."
Stathakopoulos stressed that the only attacks detected thus far have been against the eight-year-old IE6. That version of Microsoft's browser lacks security measures, including DEP (data execution prevention), that are available in IE7 and IE8. For that reason, Stathakopoulos urged users of IE6 or IE7 -- the latter is potentially vulnerable to attack when run on Windows XP -- to upgrade to IE8.
However, some security organizations don't believe that is enough, and have instead recommended that users switch to another browser until Microsoft issues a patch. Both the German and French government computer security agencies have urged IE users to run a different browser.
Both BIS and CERTA called for users to ditch IE. "Pending a patch from the publisher, CERT recommends using an alternative browser," a translation of the French advisory stated.
A spokesman for Opera Software claimed that the download rate in Germany for its browser doubled over the weekend, and attributed the jump to the BIS warning.
Although U.S. researchers did not go so far as to suggest abandoning IE, some said the risk to IE users was high. "Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks," said George Kurtz, chief technology officer of McAfee, in a blog update Sunday.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts