Another Internet Explorer Zero-Day Surfaces, Added to Exploit Kit

Paul Mah

A new zero-day Internet Explorer (IE) exploit, first discovered by Symantec, has found its way into the Eleonore exploit kit. A zero-day is a vulnerability that is already being exploited while the vendor has no patch available for it. Eleonore is a well-known commercial exploit kit: a web-hosted toolkit that serves browser exploits to visitors of a malicious or compromised page in order to install malware on their computers without the owner's knowledge or permission.


Roger Thompson, Chief Research Officer at AVG, elaborated on the zero-day attack on the security company's blog:

It's fairly well known (well, well-known if you're a security geek) that CVE-2010-3962 is in the wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably, as it means that anyone can buy the kit for a few hundred bucks, and they have a working 0-day.

For now, exploitation of this flaw has only been seen in targeted e-mails sent to a small number of potential victims. The worrying part is the reading pane: because it renders HTML mail with the same engine IE uses, malicious content can be parsed before the recipient decides anything, so a computer-savvy employee who never clicks suspicious links or mail from unknown senders is not automatically safe. Microsoft's advisory does count Outlook's default of rendering HTML mail in the Restricted sites zone, with active scripting disabled, as a mitigating factor, but it still lists reading mail as plain text among its workarounds.


For its part, Symantec described how little the infection required of the victim:

Visitors who were served the exploit page didn't realize it, but went on to download and run a piece of malware on their computer without any interaction at all. The vulnerability allowed for any remote program to be executed without the end user's notice.

Underscoring the care attackers now take, the malware was built so as not to trip any intrusion detection system (IDS) on the network. It installs itself to run at startup and then fetches what appear to be image files from innocuous-looking folders on a remote server; those files carry encrypted commands for the now-compromised workstation, so the command channel looks like ordinary image traffic to anyone watching the wire.
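Because the command files are fetched under image names, one cheap check a proxy log processor or a forensics script can run is whether each "image" actually is one. The following is an added example written for this article, not code from the original post, Symantec or AVG. The function names (Test-BytesAt, Get-ImageVerdict) and the sample bytes are constructed for the illustration; the page does not describe the real files' layout, so the example assumes the command blobs are either not images at all or are appended to a real image after its end marker.

```powershell
# Added example, not code from the original post, Symantec or AVG. It checks whether
# a file fetched under an image name really is an image: correct signature at the
# start and the format's end marker as the very last bytes. Function names and the
# sample data below are constructed for this illustration.

function Test-BytesAt {
    # True if $Pattern occurs in $Bytes starting exactly at $Offset.
    param([byte[]] $Bytes, [int] $Offset, [byte[]] $Pattern)
    if ($Offset -lt 0 -or ($Offset + $Pattern.Length) -gt $Bytes.Length) { return $false }
    for ($i = 0; $i -lt $Pattern.Length; $i++) {
        if ($Bytes[$Offset + $i] -ne $Pattern[$i]) { return $false }
    }
    return $true
}

function Get-ImageVerdict {
    # Returns 'ok', 'bad-magic' (not an image at all), 'bad-tail' (the format's end
    # marker is not the last thing in the file, so data was appended or the file is
    # truncated) or 'unknown-type' (an extension this check does not know).
    param(
        [AllowEmptyCollection()][byte[]] $Bytes,
        [Parameter(Mandatory)][string]   $Name
    )
    $ext = [System.IO.Path]::GetExtension($Name).TrimStart('.').ToLowerInvariant()
    if ($ext -eq 'jpeg') { $ext = 'jpg' }
    switch ($ext) {
        'jpg' { $magic = [byte[]](0xFF,0xD8,0xFF);                          $tail = [byte[]](0xFF,0xD9) }                                    # SOI ... EOI
        'png' { $magic = [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A); $tail = [byte[]](0x49,0x45,0x4E,0x44,0xAE,0x42,0x60,0x82) }       # signature ... IEND + CRC
        'gif' { $magic = [byte[]](0x47,0x49,0x46,0x38);                     $tail = [byte[]](0x3B) }                                         # 'GIF8' ... trailer
        default { return 'unknown-type' }
    }
    if (-not $Bytes -or $Bytes.Length -eq 0) { return 'bad-magic' }
    if (-not (Test-BytesAt -Bytes $Bytes -Offset 0 -Pattern $magic)) { return 'bad-magic' }
    if (-not (Test-BytesAt -Bytes $Bytes -Offset ($Bytes.Length - $tail.Length) -Pattern $tail)) { return 'bad-tail' }
    return 'ok'
}

# Constructed samples: a minimal JPEG (SOI, an APP0 stub, EOI), a .jpg that is an
# opaque blob, a real JPEG with bytes appended after EOI, and a minimal PNG.
$jpegBody = [byte[]](0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0xFF,0xD9)
$samples = @(
    @{ Name = 'logo.jpg';   Bytes = $jpegBody }
    @{ Name = 'banner.jpg'; Bytes = [byte[]](0x6B,0x2F,0xA9,0x04,0xD1,0x77,0x3E,0xC0) }       # no JPEG SOI marker
    @{ Name = 'photo.jpg';  Bytes = [byte[]]($jpegBody + [byte[]](0x7C,0x19,0x02,0xEE)) }    # payload after EOI
    @{ Name = 'pixel.png';  Bytes = [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A,0x00,0x00,0x00,0x00,0x49,0x45,0x4E,0x44,0xAE,0x42,0x60,0x82) }
)
foreach ($s in $samples) {
    '{0,-12} {1}' -f $s.Name, (Get-ImageVerdict -Bytes $s.Bytes -Name $s.Name)
}
```

The signature check alone would pass photo.jpg, which is why the end-marker test matters: an attacker who wraps commands in a genuine image defeats a magic-byte filter but usually leaves the payload after the image's terminator. What the check cannot catch is a payload hidden inside valid image data (true steganography), so treat a clean verdict as absence of one cheap trick, not as proof the traffic is benign.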


Microsoft offered several workarounds, though it admitted that many of them could get "a little bit tricky" for ordinary users. The easiest is to have Outlook display all e-mail as plain text rather than HTML, but giving up formatted mail will not be palatable to every user, for obvious reasons.
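For administrators who want to roll out that plain-text workaround without walking each user through the Outlook Trust Center, it is a single per-user registry value. The script below is an added example, not code from Microsoft or the original post. It sets ReadAsPlain, the value behind Outlook's "Read all standard mail in plain text" option, under HKCU\Software\Microsoft\Office\<version>\Outlook\Options\Mail, then reads it back. The function name and the version list (11.0, 12.0 and 14.0 for Outlook 2003, 2007 and 2010) are assumptions made for the example; add other versions as needed.

```powershell
# Added example, not code from Microsoft or the original post. Forces Outlook to
# render every message as plain text by setting ReadAsPlain = 1 for each Outlook
# version that has a profile under the current user, and reads the value back.
# Version numbers are an assumption (Outlook 2003/2007/2010 = 11.0/12.0/14.0).
function Set-OutlookReadAsPlain {
    param(
        [string[]] $Versions = @('11.0', '12.0', '14.0'),
        [switch]   $Revert                      # restore HTML rendering (value 0)
    )
    $desired = if ($Revert) { 0 } else { 1 }
    foreach ($v in $Versions) {
        $outlookKey = "HKCU:\Software\Microsoft\Office\$v\Outlook"
        if (-not (Test-Path $outlookKey)) { continue }      # this version has never run for this user
        $mailKey = Join-Path $outlookKey 'Options\Mail'
        if (-not (Test-Path $mailKey)) { New-Item -Path $mailKey -Force | Out-Null }
        New-ItemProperty -Path $mailKey -Name 'ReadAsPlain' -PropertyType DWord -Value $desired -Force | Out-Null
        # Read back so the caller confirms the change rather than trusting the write.
        $actual = (Get-ItemProperty -Path $mailKey -Name 'ReadAsPlain').ReadAsPlain
        [pscustomobject]@{ Version = $v; ReadAsPlain = $actual; Applied = ($actual -eq $desired) }
    }
}

Set-OutlookReadAsPlain            # apply the workaround; restart Outlook for it to take effect
# Set-OutlookReadAsPlain -Revert  # undo once the patch is installed
```

Run it in the user's own session (the key lives under HKCU), and keep the -Revert path handy: the workaround is meant to bridge the gap until the patch ships, not to stay in place forever.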


A patch was not ready in time for last week's Patch Tuesday, so the fix will arrive either with the next monthly release or as an out-of-band update (it eventually shipped as security bulletin MS10-090 in December 2010). Details of the vulnerability can be found in Microsoft Security Advisory 2458511.




There is little doubt in my mind that Internet Explorer continues to be heavily targeted because of its substantial market share. Its long legacy of backward-compatible code also means that old bugs and past bad security practices resurface and get exploited fairly regularly. Many of these vectors are greatly mitigated, or blocked outright, by newer defenses such as Data Execution Prevention (DEP), which IE 8 enables by default on current Windows versions, though a determined attacker can still work around DEP when it is not paired with address space layout randomization.


With those points in mind, I would recommend that businesses steer away from IE where possible. If that is not an option, at least upgrade to IE 8. The upcoming IE9 also shows great promise as Microsoft's best-performing and most secure browser yet, and is probably worth evaluating as a replacement for your SMB once it is ready for deployment.
