14 DAY TRIAL // A few days ago, AlienVault experts reported identifying a new watering hole attack that abused the Site Exposure Matrices (SEM) website of the US Department of Labor (DOL). At the time, researchers believed that an old Internet Explorer vulnerability (CVE-2012-4792) was exploited.
However, it turns out that the vulnerability is an Internet Explorer 8 zero-day, which has already been confirmed by Microsoft.
Researchers from several security firms have investigated the attacks and the zero-day, including FireEye, Symantec and Invincea.
In a post published on Sunday, AlienVault’s Jamie Bilasco revealed that the US Department of Labor is not the only entity affected by the exploit. At least 9 other websites – including ones belonging to aerospace, defense and security organizations – have been found to be redirecting visitors to a malicious server.
According to Invincea, the Internet Explorer 8 zero-day is utilized to push the Poison Ivy backdoor Trojan.