Internet Explorer Zero-Day Attack Targets Nuclear Researchers
Microsoft has confirmed the existence of a zero-day code-execution exploit for Internet Explorer 8 that's currently being used in a series of watering-hole attacks.
The watering-hole attacks (a technique used in attacks directed at a specific population of Internet users) target American government employees and contractors who work in the nuclear research sector, and Europeans who work in the defense, security and aerospace industries and non-profit groups.
That's an indication that the attackers may be collecting sensitive military information on behalf of a nation-state.
The vulnerability affects machines running IE 8 on Windows XP, Windows Vista and Windows 7. Other versions of Internet Explorer, including the older IE 6 and IE 7, are not affected, a Microsoft security advisory states. The exploit is mitigated on Windows Server 2003 and 2008.
To mitigate their risk, users of IE 8 should upgrade to Internet Explorer 9 or 10 if they are running Windows Vista or a later version of Windows. Windows XP users should switch to a non-Microsoft browser until the security hole is patched.
American victims became infected last week after visiting a U.S. Department of Labor website that attackers had corrupted.
The Department of Labor site was rigged to redirect users to another site that infected computers with an iteration of the infamous "Poison Ivy" Trojan, which was able to avoid detection by all but two major anti-virus products.
The infected Web pages dealt specifically with nuclear research-related illnesses that affect employees working to develop atomic weapons for the U.S. Department of Energy, a report from NextGov said.
Computer-security firm CrowdStrike said its research indicated the campaign had started in March and had infected victims in 37 countries, although the bulk of victims were in the United States.
"Based on the other compromised sites, other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector," CrowdStrike wrote on its blog.
In watering-hole attacks, malware is embedded in Web pages thought to be of interest for a specific group.
In late December, a watering-hole attack thought to be of Chinese origin targeted U.S. foreign-policy officials and academics by using the website of the Council on Foreign Relations as a lure. The same malware was later found on websites based in Hong Kong, Taiwan, Russia and California.
Later in January, a different watering-hole campaign used online mobile-app-developer forums to infect Macintosh computers on the corporate networks of Apple, Evernote, Facebook, Microsoft, Twitter and, rumor had it, approximately a dozen other companies.