SOURCE: BitDefender


March 11, 2010 14:08 ET

BitDefender® Issues Protection against New Vulnerabilities in Internet Explorer® 6 and 7

BitDefender Now Protects Against Similar Threats Used in Recent Attacks on Google and Adobe; Users of Older IE Programs Open to Infection Simply by Visiting Certain Webpages

BUCHAREST, ROMANIA--(Marketwire - March 11, 2010) - BitDefender®, an award-winning provider of innovative anti-malware security solutions, today released an emergency update to shield users from the newly discovered vulnerability in Internet Explorer® versions 6 and 7. Microsoft® has detailed the attack scenarios in security advisory #981374, announcing that a patch is being prepared to mitigate the vulnerability.

Users running Internet Explorer versions 6 and 7 can be infected simply by visiting a specially crafted web page that uses highly obfuscated JavaScript code to create a use-after-free error, such as a pointer being accessed after the deletion of an object. Video of the attack can be found here:

Anatomy of the attack

Initially, the user is lured into visiting a specially crafted web link advertised via spam messages or posted on bulletin boards, social networks, etc. The webpage contains JavaScript code obfuscated using the escape function. To evade detection by various antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.

The decoded result is the malicious payload, which triggers a heap spray attack and writes the malicious code into the browser's User Data area, making it persistent: every time the browser starts, the malicious code is executed without any further intervention. The outcome is a drive-by download: a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb) is downloaded automatically.
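
The script traits described above (a long escape()-encoded blob, the unescape name supplied indirectly by a second script, and heap-spray string growth) can be checked statically across all scripts a page loads. The following is an added example, not BitDefender's detection logic; the thresholds, finding names and sample inputs are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristics. Thresholds and finding names are assumptions.

// 16+ consecutive escape()-style tokens (%XX or %uXXXX): an encoded blob, not a stray %20.
const ESCAPED_RUN = /(?:%u[0-9a-f]{4}|%[0-9a-f]{2}){16,}/gi;
// A string that doubles itself (s += s, s = s + s): the growth step typical of heap sprays.
const SELF_DOUBLING = /\b(\w+)\s*(?:\+=\s*\1\b|=\s*\1\s*\+\s*\1\b)/;

// Fold "un" + "escape" into "unescape" so split literals cannot hide the name.
const foldConcats = (src) => src.replace(/["']\s*\+\s*["']/g, "");

function inspectScript(src) {
  const folded = foldConcats(src);
  const runs = folded.match(ESCAPED_RUN) || [];
  return {
    escapedChars: runs.reduce((n, r) => n + r.length, 0),
    callsUnescape: /\bunescape\s*\(/.test(folded),
    // The name carried as data (for example swapped into a variable) instead of called.
    unescapeAsString: /(["'])unescape\1/.test(folded),
    selfDoubling: SELF_DOUBLING.test(folded),
  };
}

// Correlate every script a page loads: the blob and its decoder may sit in different files.
function triagePage(scripts) {
  const r = scripts.map(inspectScript);
  const findings = [];
  if (r.some((x) => x.escapedChars > 0)) findings.push("escaped-blob");
  if (r.some((x) => x.unescapeAsString)) findings.push("hidden-unescape");
  else if (r.some((x) => x.callsUnescape)) findings.push("direct-unescape");
  if (r.some((x) => x.selfDoubling)) findings.push("string-doubling-loop");
  const suspicious = findings.includes("escaped-blob") &&
    (findings.includes("hidden-unescape") || findings.includes("string-doubling-loop"));
  return { suspicious, findings };
}

// Constructed, harmless inputs: the blob only encodes the text "constructed sample".
const SAMPLE_BLOB = Array.from("constructed sample",
  (c) => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const SAMPLE_PAGE = [
  `var data = "${SAMPLE_BLOB}"; var name = "ZZ";`,
  `name = name.replace("ZZ", "un" + "escape");`,
];
const BENIGN_PAGE = [`var q = "a%20b"; var s = unescape(q);`];

console.log(triagePage(SAMPLE_PAGE));
console.log(triagePage(BENIGN_PAGE));
```

A hit is a reason to examine the page more closely, not a verdict: legitimate scripts also use unescape and build long strings, which is why the blob must coincide with a second trait before the page is flagged.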

This approach is similar to the one described in CVE-2010-0249 that has been used in targeted attacks against 34 major corporations including Google™ and Adobe™.

Mitigating the risks

Microsoft announced that the exploit is already in the wild and that users will be provided with a fix as soon as possible. Most likely, the vendor will issue a patch on the next "patch Tuesday", April 13. Since Internet Explorer® 8 is not vulnerable to the attack, the next logical step will be to upgrade immediately. However, many custom-made applications in the corporate environment are strongly interconnected with IE 6 or IE 7 and might not work as expected on Internet Explorer 8.

BitDefender is currently detecting the exploit and blocking the malicious code before it inflicts any damage on the computer. Moreover, all BitDefender customers have been proactively protected against the infected binaries the exploit is trying to install on the local machine.

To stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection, and that you exercise extra caution when prompted to open files from unfamiliar locations.

About BitDefender®
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry's anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products is available at the company's security solutions press room. Additionally, BitDefender's provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.
