The new IE exploits for Advisory 961051, Now Hosted on Pornography Sites

Two days ago, we blogged about attacks that involve exploits of the recently discovered vulnerability in Internet Explorer. We would like to give you a quick update about these attacks.

Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability. That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50% in the number of reports today compared to yesterday.

How are the attackers managing to affect more users now? First, some legitimate web sites were maliciously modified to include the exploits. For example a popular search engine in Taiwan was found to be hosting the exploit. Luckily, that site was quickly cleaned. Secondly, we’ve noticed some pornography sites have started hosting these exploits too: We recently found a web site in Hong Kong that serves various content including adult entertainment. Users who hoped to watch that content, became target of those attacks: specifically, the exploit dropped trojans that we detect as Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ.

MSRC keeps their advisory updated with possible workarounds. Read carefully, see what applies to you and in the meantime, you should always exercise caution when browsing and try to go to sites that you trust.

-- Ziv Mador & Tareq Saade

Microsoft released Security Bulletin MS08-078 on December 17, 2008 that fixes this vulnerability. Microsoft recommends that you apply this fix now.

Comments (0)

Skip to main content