Symantec recommends that everyone patch their computers

Aug 20, 2015 07:07 GMT

An Internet Explorer vulnerability, which was patched by Microsoft yesterday with an out-of-band update released to Windows computers, is being used to deploy Korplug malware on vulnerable PCs, security firm Symantec said today. 

The attacks are taking place in Hong Kong through the website of an evangelical church, which, according to the firm, has been compromised to deliver the malware.

The attackers compromised the website and injected a malicious iframe that redirects visitors to a different page hosting the code that exploits the Internet Explorer vulnerability.

Symantec explains how the attack works:

"This website hosts a file called vvv.html, which redirects to one of two other files called a.js and b.js, which lead to the download of a file called java.html to the victim’s computer. Java.html installs Korplug on the computer, in the form of an executable called c.exe."
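The request sequence Symantec describes can be searched for in web proxy logs. The following is an added example, not code from Symantec or from this article; the log format, client addresses and host names are constructed, and the five-minute window is an assumption.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# File names from Symantec's description, in the order they are requested.
CHAIN = [{"vvv.html"}, {"a.js", "b.js"}, {"java.html"}, {"c.exe"}]
WINDOW = timedelta(minutes=5)  # assumption: a real chain completes quickly

# Constructed sample proxy log: "<ISO timestamp> <client> <url> <status>"
SAMPLE_LOG = [
    "2015-08-20T03:10:01 10.0.0.5 http://redirect-host.example/vvv.html 200",
    "2015-08-20T03:10:02 10.0.0.5 http://redirect-host.example/a.js 200",
    "2015-08-20T03:10:02 10.0.0.9 http://intranet.example/static/a.js 200",
    "2015-08-20T03:10:03 10.0.0.5 http://redirect-host.example/java.html 200",
    "2015-08-20T03:10:05 10.0.0.5 http://redirect-host.example/c.exe 200",
    "2015-08-20T04:22:40 10.0.0.7 http://redirect-host.example/vvv.html 200",
    "2015-08-20T04:22:41 10.0.0.7 http://redirect-host.example/b.js 200",
]

def basename(url):
    """Last path component of a URL, lower-cased, without query string."""
    return urlsplit(url).path.rsplit("/", 1)[-1].lower()

def chain_progress(lines):
    """Map each client that requested vvv.html to the number of chain stages
    it then completed in order (1..4). Names like a.js are common, so a
    request only counts when it follows the previous stage inside WINDOW."""
    progress = {}  # client -> (stages matched, time the chain started)
    furthest = {}  # client -> highest stage count reached
    for line in lines:
        ts, client, url = line.split()[:3]
        when, name = datetime.fromisoformat(ts), basename(url)
        matched, started = progress.get(client, (0, when))
        if matched and when - started > WINDOW:
            matched = 0  # stale partial chain: start over
        if name in CHAIN[0]:
            matched, started = 1, when  # the landing page (re)starts a chain
        elif 0 < matched < len(CHAIN) and name in CHAIN[matched]:
            matched += 1
        progress[client] = (matched, started)
        if matched:
            furthest[client] = max(furthest.get(client, 0), matched)
    return furthest

def full_chain_clients(lines):
    """Clients that fetched every stage through c.exe: triage these first."""
    hits = chain_progress(lines)
    return sorted(c for c, n in hits.items() if n == len(CHAIN))

if __name__ == "__main__":
    print(chain_progress(SAMPLE_LOG), full_chain_clients(SAMPLE_LOG))
```

A client that stops partway through the sequence still appears in `chain_progress` and is worth checking for patch status, since it was redirected to the exploit page.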

What Korplug can do to your system 

The whole purpose of the attack is to plant the malware on your computer, so the first question that comes to mind is how much damage Korplug can cause once it reaches a PC.

The malware acts as a backdoor that the attacker can use to connect to your computer and access any data stored on the local drives. As Microsoft said, the vulnerability allows an attacker to obtain the same privileges as the logged-in user, so if you have an administrator account, the hacker can do basically the same things as you, without you even noticing.

The easiest way to protect against this piece of malware is to update your system and deploy the patch that Microsoft rolled out yesterday. Internet Explorer users are strongly advised to do so, especially because all versions of the browser are affected.

Additionally, you need to update your antivirus software, because most apps already detect and remove Korplug malware.