Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

New In-the-Wild Exploit for IE Zero Day

  • 22 January, 2010 09:11

<p>New In-the-Wild Exploit for IE Zero Day</p>
<p>With the arrival of an out-of-band security patch from Microsoft to fix a critical Internet Explorer zero day vulnerability, Symantec has also confirmed that a new exploit for the security hole, which was used in the recent high-profile attacks against Google, has been discovered in the wild.</p>
<p>“The new exploit is being hosted on hundreds of Web sites and Symantec detects the malicious HTML pages as Trojan.Malscript!html,” said Josh Talbot, security intelligence manager, Symantec Security Response. “The pages contain a shell code that bypasses a warning dialog shown after downloaded file gets executed. The page replaces the code of “MessageBeep API” so that the Internet Explorer process which attempts to play a beep sound will be terminated. After the termination of the process, it causes the Internet Explorer window to be displayed again. The shell code also contains code to avert API hooking when it calls APIs. By doing this, some security products may miss some monitored APIs.”</p>
<p>In the end, a malicious file is downloaded. Symantec has both network-based and antivirus signatures to protect against this threat and detects the malware as Trojan Horse. This is not the same malware, Trojan.Hydraq, that was used in the recent attacks waged against Google.</p>
<p>Symantec strongly advises computer users to update their systems with the related patch from Microsoft. More information on the security patch can be found here: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.</p>
<p>In addition, for the most up-to-date information about the Trojan.Hydraq threat which also takes advantage of this vulnerability, please see http://www.symantec.com/connect/blogs/hydraq-vnc-connection.</p>
<p>Please let me know if you’d like to discuss this further with a Symantec security expert, and I will be happy to put you in touch.</p>
<p>Media Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>Jasmin.Athwal@maxaustralia.com.au</p>

Most Popular

Most Popular Reviews

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?