Internet Explorer Vulnerabilities Highlighted

One of the unresolved zero-day vulnerabilities in Internet Explorer is currently under the spotlight. Analysts believe that an increasing number of attackers are exploiting this vulnerability, and it was only last week that many realised this. It first became public when FireEye, a security firm, reported the vulnerability during Operation DeputyDog, in which a large number of firms in Japan came under attack.

AlienVault, FireEye and WebSense have all observed and reported campaigns that used this vulnerability to deliver and spread malware. More than one group was involved in the operation, which took advantage of the many security bugs present in Internet Explorer to target Middle East countries and financial institutions. Government agencies came under attack from Trojans and similar malware. Many more attacks remain undiscovered to date.

AlienVault uncovered the attack on a sub-domain of the Taiwan Government e-Procurement system. Hack-for-hire groups carried out the intrusion. The malicious code redirects first-time visitors to the 'exploit page' using JavaScript. WebSense showed that the still-unpatched vulnerability in Microsoft's Internet Explorer helped several groups of hackers extract vital information from companies operating in the Asia-Pacific region.

These attacks had a larger scope of operation than was first thought. FireEye points out that several groups used the same infrastructure to push different malware across the Internet. One such example was PoisonIvy, a Remote Access Trojan (RAT). These appeared long after the first malware, DeputyDog, set off the alarm in Japan.

APT campaigns were capable of utilising or reusing the same infrastructure to create new attacks. Analysts concluded that hackers may have started using CVE-2013-3893, but it is possible that attackers were using the CnC infrastructure before it found use in DeputyDog. The attacks may have started a long time ago, since the vulnerability has existed for a long time now.