by Michael Passingham
A new zero-day exploit has been discovered for Microsoft’s Internet Explorer, using compromised websites to download and install malware on users’ machines.
The latest exploit was found on US military veterans website VFW.org by security firm FireEye. Dubbed Operation SnowMan, the attack is carried out using an Adobe Flash object hidden in an iframe to install a remote-access Trojan (RAT), which can then be used to steal personal data and carry out other potentially damaging tasks.
The exploit affects web users running Microsoft’s Internet Explorer 10 and can be avoided entirely by updating to the latest version of the browser, IE11. Alternatively, users can update the EMET.dll security mitigation toolkit.
According to FireEye’s manager of threat intelligence Darien Kindlund the exploit was similar to previous attacks, but its specific methodology had not been seen before. “The vulnerability is a previously unknown use-after-free [memory corruption flaw] in Microsoft Internet Explorer event handling,” he told V3. “Microsoft is aware and they are working on a fix ASAP.”
He said in a blog post that SnowMan was similar to other attacks known as DeputyDog and Ephemeral Hydra. These previous attacks have targeted public-sector organisations and companies in the fields of defence, law, IT and mining. Kindlund said he expected to see more similar cases in the future.
“The proven ability to successfully deploy a number of different private and public RATs using zero-day exploits against high-profile targets likely indicates that this actor(s) will continue to operate in the mid to long-term,” he concluded.
