Attackers Exploit New IE7 Flaw

The new IE7 attack actively exploits a vulnerability already addressed by Microsoft in its monthly "Patch Tuesday" security bulletin release, issued last week.

The vulnerability, detected over the weekend by security researchers at Trend Micro, stems from a flaw in the way the IE7 browser handles errors when attempting to access deleted objects.

The threat is unleashed when users open a malicious attachment, such as a Microsoft Word document or PDF. A spammed file, which appears legitimate, is actually a malicious .DOC file that contains an ActiveX object that automatically accesses a site infused with malicious code. A successful exploit downloads a back door to victims' computers and further installs a malicious file designed to steal information. The malware then sends all stolen data to another URL via port 443.

"The exploit is pretty serious in the way that you could run code and then escalate privileges," said Jamz Yaneza, Trend Micro threat research manager. "That back door eventually installs another piece of file that opens up your computer to anyone who knows about it. Basically your system is owned."

Yaneza said that so far, the attack does not appear to be widespread. However, Yaneza said that the malware creators used a method similar to attacks originating from China exploiting the 2008 Olympic Summer Games. The malware, which appears to originate from China, might have been launched in conjunction with the 50th anniversary of the Tibetan uprising this year, with politically charged social engineering messages used to entice victims to open malicious attachments, he said.

"We're putting two and two together," Yaneza said. "There's a good chance that [the attack] is packaged in this way."

Users running unpatched IE7 browsers -- the default browser on Windows systems -- are vulnerable to attack. Yaneza said that consequently, users need to keep their systems patched with the latest updates in order to protect themselves against this exploit.

"IE7 is the next target right now. It just makes sense. More than 90 percent of all desktops are using Windows," Yaneza said. "There's been some push for users to use alternative browsers. But IE7 is there by default. That's the problem with being the biggest gorilla out there."