The exam results webpage hosted on the official site of a high school in Jiangsu, China, has been compromised to serve as part of an attack that exploits the recently patched vulnerability in Microsoft XML Core Services.
Trend Micro experts identified the hijacked website just before the Redmond company released the permanent patch for the flaw.
The large number of users who visited the website while it was altered were redirected multiple times until they reached a domain that hosted HTML_EXPLOYT.AE.
The exploit code triggered memory corruption, causing certain versions of Internet Explorer to crash. Once the memory corruption succeeded in the browser, shellcode would be launched.
In the end, a piece of malware was pushed onto the victim’s computer.
Fortunately, the website has been cleaned up, but this incident once again highlights the importance of applying updates, especially the ones for the operating system and other critical components.