In either case, clicking on the link takes the victim to a web page which kickstarts the infection process.
Generic detection for the exploit scripts seen thus far has been added as Troj/ExpJS-R. A script used to query the browser/OS version before loading the exploit script (or redirecting to a games site) has been added as Troj/JSRedir-AW.
The malicious payloads installed in such attacks are liable to change, of course, but the ones seen thus far have been either proactively detected as Mal/Dropper-Y, or added as Troj/Dloadr-CYS.
SophosLabs will continue monitoring for new attacks looking to exploit this vulnerability. In the interim, aside from keeping your protection up to date, take note of the following from the Microsoft announcement:
Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected.
If you are an IE user and have not yet upgraded to version 8, take a hint! It is strongly recommended that you do so. Aside from not being affected by this particular issue, there is a whole bundle of other security-related features you are otherwise missing out on.
The SophosLabs vulnerability assessment page for the IE 0-day vulnerability will be updated accordingly.