Attackers exploit unpatched Internet Explorer vulnerability
According to a blog post by security specialist Eric Romang, a security hole in Microsoft's Internet Explorer web browser is being used by cyber criminals to infect computers with malware. The vulnerability, which was apparently unknown and unpatched until now, seems to hinge on how IE handles <img> arrays in HTML files. So far, the attackers have only targeted versions 7 and 8 of IE on fully patched Windows XP SP3 systems; it is not yet certain whether the exploit can be used with other software combinations.
Romang discovered the code on a server that is apparently being used for targeted attacks by the Chinese hacker group known as the Nitro gang. The first exploit for the critical Java vulnerability that Oracle fixed with an emergency patch late last month was also found on a server that seems to be linked to the Nitro gang.
- Tue, 2013-05-07 00:34
- Mon, 2013-05-06 01:17
- Fri, 2013-04-05 08:03