Internet Explorer zero-day infection rates grow

By Dan Kaplan on Dec 16, 2008 10:03AM

Attacks exploiting an unpatched vulnerability in Internet Explorer spread quickly over the weekend, according to Microsoft.

Attackers are leveraging legitimate websites to more quickly spread malware that exploits a zero-day vulnerability in Internet Explorer (IE), Microsoft said this weekend.

The software giant estimated on Saturday that about 0.2 percent of worldwide IE users have surfed to websites that are hosting the exploit, according to the Microsoft Malware Protection Center blog. That number was up 50 percent from the prior day.

Researchers Ziv Mador and Tareq Saade said cybercriminals have used legitimate websites, such as a popular Taiwanese search engine, and a number of pornography sites to host the attack.

The vulnerability was announced Wednesday -- one day after Microsoft issued its monthly round of security fixes -- and affects all supported versions of IE, including the beta version of IE8. The flaw, according to Microsoft's advisory, relates to an invalid pointer reference in the data-binding function of IE.

Roughly 6,000 sites have been seeded with the malicious code, often to launch SQL injection attacks against visitors, Ivan Macalintal, advanced threats researcher at Trend Micro, said in a Saturday blog post. He said one of the infected sites was for a popular Chinese sporting goods retailer.

"Obfuscated JavaScript in the HTML webpages are also detected as JS_DLOAD.MD, the same malicious script found to exploit the zero-day vulnerability in IE (version) 7," he wrote.

Users are encouraged to apply suggested workarounds detailed in the advisory.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.

Tags: