Symantec Finds the Hackers Behind Microsoft’s Latest Zero-Day Flaw

The Elderwood group is apparently trying to exploit the IE vulnerability

Microsoft has recently confirmed that Internet Explorer 8 and older versions are affected by a security flaw that would allow attackers to take control of a vulnerable system once the user loads a compromised website.

While the Redmond-based technology company is still working on a patch, security firm Symantec says the new zero-day flaw is actually a continuation of the Elderwood Project, as it has found evidence that the infamous group Elderwood is behind the exploit.

This isn’t the first time when Elderwood hackers are involved in exploiting Microsoft zero-day vulnerabilities, as the group discovered a total of four different flaws affecting Internet Explorer last year.

All of them involved compromised websites serving malicious files that could allow cybercriminals to break into vulnerable systems.

Symantec says it has discovered several similarities between all these attacks and the new issue, including a function named HeapSpary.

“HeapSpary is a clear mistyping of Heap Spray, a common attack step used in vulnerability exploitation. In addition to this commonality, there are many other symbols in common between the files,” the security firm explained.

“It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year.”

Security vendor Avast has also confirmed that several websites have been compromised to deliver malicious software in order to exploit the IE flaw, but Microsoft claims it has only received reports of a small number of attacks.

The company has recently released a “Fix it” solution for Internet Explorer 8 and older that helps users configure browsers in a way that would keep them on the safe side, while a security update is expected to be released sometime this month.

Internet Explorer 9 and Internet Explorer 10 are not affected by the issue, so users are recommended to upgrade to one of these two versions.

Hot right now  ·  Latest news