Internet Explorer zero-day infection rates grow

By on

Attacks exploiting an unpatched vulnerability in Internet Explorer spread quickly over the weekend, according to Microsoft.

Attackers are leveraging legitimate websites to more quickly spread malware that exploits a zero-day vulnerability in Internet Explorer (IE), Microsoft said this weekend.



The software giant estimated on Saturday that about 0.2 percent of worldwide IE users have surfed to websites that are hosting the exploit, according to the Microsoft Malware Protection Center blog. That number was up 50 percent from the prior day.



Researchers Ziv Mador and Tareq Saade said cybercriminals have used legitimate websites, such as a popular Taiwanese search engine, and a number of pornography sites to host the attack.



The vulnerability was announced Wednesday -- one day after Microsoft issued its monthly round of security fixes -- and affects all supported versions of IE, including the beta version of IE8. The flaw, according to Microsoft's advisory, relates to an invalid pointer reference in the data-binding function of IE.



Roughly 6,000 sites have been seeded with the malicious code, often to launch SQL injection attacks against visitors, Ivan Macalintal, advanced threats researcher at Trend Micro, said in a Saturday blog post. He said one of the infected sites was for a popular Chinese sporting goods retailer.



"Obfuscated JavaScript in the HTML webpages are also detected as JS_DLOAD.MD, the same malicious script found to exploit the zero-day vulnerability in IE (version) 7," he wrote.



Users are encouraged to apply suggested workarounds detailed in the advisory.




See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
explorer grow infection internet rates security zeroday

Sponsored Whitepapers

The 5 steps to effective data protection
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant

Events

Most Read Articles

Coles Group taps Australia Post as it assembles a new-look tech leadership team

Coles Group taps Australia Post as it assembles a new-look tech leadership team
Intel orders ASML system for well over $470 million

Intel orders ASML system for well over $470 million
South Australian gov issues breach notice to hacked payroll provider

South Australian gov issues breach notice to hacked payroll provider
Kmart Group lands new head of cyber security

Kmart Group lands new head of cyber security

Digital Nation

Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Highlights 2021: Automation drives marketing success but complexity torments delivery
Highlights 2021: Automation drives marketing success but complexity torments delivery
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture

Log In

Email:
Password:
  |  Forgot your password?