Writing an executable to the disk without using an exploit

Sep 27, 2013 20:06 GMT

Security researchers from Sourcefire have come across an exploit kit that uses an interesting technique to write an executable file to the disk without using an exploit.

To achieve this, the exploit kit uses VBScript, the Active Scripting language developed by Microsoft. Unlike other exploit kits, this one doesn’t need to leverage vulnerabilities in Java, Adobe or other software to serve the malware.

By using VBScript, cybercriminals can execute malicious code without downloading an actual executable file and without using an exploit.

Researchers have tested the attack on Windows XP running IE 8 and on Windows 7 running IE 9. In both cases, users are shown a prompt saying that the malicious website wants to run an add-on called “Microsoft Script Runtime” from Microsoft.

It’s likely that users will click the “Allow” button, considering that the add-on seems legitimate. The malware distributed in this attack is Win.Trojan.Ircnite-27.