Nov 5, 2010 18:27 GMT

Security researchers from FireEye have identified a new attack targeting the recently disclosed Internet Explorer vulnerability, which employs a more reliable exploit and distributes a different backdoor.

This past Tuesday, Microsoft confirmed the existence of an as-yet-unpatched critical remote code execution vulnerability in Internet Explorer 6, 7 and 8, which was being exploited in the wild.

The flaw was discovered by Symantec in a limited attack targeting key people in various organizations. Fake emails posing as hotel reservation notifications directed recipients to a rogue page.

After checking the operating system and IE version, this page loaded the exploit, which infected computers with a backdoor known as Pirpi.

The distribution vectors of that attack were neutralized, but researchers from security vendor FireEye warn that a more powerful one has since taken its place.

The new attack uses a better, more reliable exploit; the previous one frequently crashed browsers without achieving code execution.

In addition, the new payload is a variant of a different backdoor called Hupigon. This piece of malware is believed to be of Chinese origin and first appeared back in 2007.

Nevertheless, there are also many similarities between the two attacks, which suggests that the people behind them might be the same, or are at least connected.

For example, both backdoors are downloaded by the exploit's shellcode from remote servers in the form of obfuscated GIF files with fake headers.
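A defensive check for the "GIF with a fake header" pattern, as an added example that is not from FireEye or the original article: it walks the GIF block structure and reports why a file that carries a GIF signature does not parse as a complete image. The article does not describe the obfuscation itself, so the function name, the sample bytes and the filler payload are all constructed for illustration.

```python
def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def gif_structure_error(data):
    """Return None if data parses as a complete GIF, else the reason it does not."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return "no GIF signature"
    if len(data) < 13:
        return "truncated logical screen descriptor"
    pos = 13
    if data[10] & 0x80:                        # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    images = 0
    try:
        while True:
            if pos >= len(data):
                return "no trailer (0x3B) before end of file"
            tag = data[pos]
            if tag == 0x3B:                    # trailer: end of GIF stream
                break
            if tag == 0x21:                    # extension: tag, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif tag == 0x2C:                  # image descriptor (10 bytes)
                if pos + 10 > len(data):
                    return "truncated image descriptor"
                local = data[pos + 9]
                pos += 10
                if local & 0x80:               # local colour table present
                    pos += 3 * (2 << (local & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW code size
                images += 1
            else:
                return f"unknown block 0x{tag:02x} at offset {pos}"
    except ValueError as exc:
        return str(exc)
    if images == 0:
        return "no image data"
    trailing = len(data) - pos - 1
    return f"{trailing} trailing bytes after trailer" if trailing else None

# Constructed samples: a minimal 1x1 GIF, and a GIF signature followed by filler.
VALID = bytes.fromhex("47494638396101000100800000" "000000ffffff" "21f9040100000000"
                      "2c000000000100010000" "0202440100" "3b")
FAKE = b"GIF89a" + b"\x00" * 7 + b"\xaa" * 32
if __name__ == "__main__":
    print(gif_structure_error(VALID), "|", gif_structure_error(FAKE))
```

Some legitimate GIFs carry bytes after the trailer, so that particular result is a reason to triage the file rather than a verdict.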

"At this time it appears that the majority of cyber criminals do not have access to this exploit," said Atif Mushtaq, a security research engineer at FireEye.

"But in the coming days, as the research community releases more and more details, other groups will likely come into play and start using this vulnerability as a powerful vehicle to launch new cyber attacks," he added.

Microsoft will not address this IE vulnerability next Tuesday, as part of its normal patch cycle. However, if Mr. Mushtaq's prediction comes true, the company might be forced to release an out-of-band fix.