NEWS - May 06, 2013
by Carol~ - 5/6/13 9:31 AM
Internet Explorer 0-day attacks on US nuke workers hit 9 other sites
"Months-old attacks apparently targeted workers in Aerospace, defense, labor."
Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.
The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.
A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.
Continued: http://arstechnica.com/security/2013/05/internet-explorer-0-day-attacks-on-us-nuke-workers-hit-9-other-sites/
IE 8 Zero Day Found as DoL Watering Hole Attack Spreads to Nine Other Sites
Update: Hack Investigation At Dept. of Labor Turns Up Internet Explorer 8 Zero Day Hole
IE8 0-day used in watering hole attacks
New Internet Explorer 8 Zero-Day Used in Watering Hole Attack
See: Microsoft Releases Security Advisory 2847140