Similar Searches

  • Downloader-CJX Cashing In on Microsoft .LNK Flaw (July 26, 2010)

    As McAfee Labs predicted in a previous blog post regarding the Microsoft Windows Shell .LNK vulnerability, it was just a matter of time before malware started using Exploit-CVE2010-2568 to take advantage of this new Microsoft zero-day flaw. The

  • New Attacks Against Internet Explorer (July 6, 2009)

    If you read Geok Meng and Xiaobo’s blog published in December last year, this must almost seem like a movie sequel. Over the July 4 weekend, an exploit targeting a zero-day vulnerability in the Microsoft DirectShow ActiveX object was widely

  • MS09-002 Exploit in the wild uses MSWord Lure (February 17, 2009)

    An exploit targeting a recently patched vulnerability in Internet Explorer 7 was discovered in the wild. Malware crooks were quick to develop a working exploit for the vulnerability in Internet Explorer 7, which was part of the February Microsoft

  • Drive-by-Download Du Jour (April 9, 2009)

    LuckySploit is an exploit framework that’s been in the news recently. As drive-by-downloads go, it lurks behind iframes and foists malware upon unsuspecting users. One LuckySploit attack we analyzed downloaded the FakeAlert-BY Trojan. So if you visited a Web

  • Zero-Day Internet Explorer Exploit Published (November 21, 2009)

    A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor

Downloader Trojan Exploits Hole in IE 7

We have lost count of how many blogs we have written this year that have anything to do with zero-day threats or unpatched vulnerabilities.

Today, many Internet users in China have reported an infection, presumably picked up while browsing the web with a fully patched Microsoft Internet Explorer 7.x. My colleague Xiaobo Chen and I investigated the incident and found an active exploit carrying downloader shellcode that installs the Downloader-AZN Trojan (proactively detected as New Malware.n since 2005 when scanning with heuristics enabled).

The root cause is incorrect handling of certain XML tags in Internet Explorer 7.x: the browser ends up referencing memory in mshtml.dll that has already been freed, a use-after-free condition.

We have confirmed that the vulnerability affects, at least, fully patched Windows XP SP3 and Vista SP1 systems. The exploit uses publicly known heap-spray techniques to fill the freed region with attacker-controlled data, gaining control over a vtable pointer and thus arbitrary code execution.

Fortunately, the 5404 DATs proactively detect the Downloader-AZN Trojan, but there could be other variants. Additional coverage is going into today’s DATs to detect the malicious web scripts as Exploit-XMLhttp.d or Exploit-XMLhttp.c.
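The heap-spray idiom the exploit relies on (a filler block built with unescape(), doubled in a loop, then copied into many array slots so that a hijacked vtable pointer lands in attacker-controlled memory) leaves recognisable marks in the web script, and that is the kind of pattern script-level coverage such as Exploit-XMLhttp keys on. The following is an added example and is not McAfee’s code or the detection logic behind the DATs: a small Python heuristic scanner run over two constructed script snippets. The 0x0c0c0c0c filler value, the variable names, the sample scripts and the score threshold are assumptions chosen for illustration, not details of the exploit seen in the wild.

```python
import re
from dataclasses import dataclass, field

# Constructed samples (not taken from any real page). The second one follows the
# classic JavaScript heap-spray idiom: build a %u-escaped block with unescape(),
# double it in a loop until it is large, then copy it into many array slots so
# the same address (here the commonly chosen 0x0c0c0c0c) is covered by the block.
BENIGN_SCRIPT = """
var greeting = unescape("%u0048%u0069");   // "Hi"
document.getElementById("out").innerHTML = greeting;
"""

SPRAY_SCRIPT = """
var block = unescape("%u0c0c%u0c0c");
while (block.length < 0x100000) block += block;
var slots = new Array();
for (var i = 0; i < 200; i++) slots[i] = block + payload;
"""

# unescape("...") whose string is made only of %uXXXX code units
UNESCAPE_RE = re.compile(r'unescape\s*\(\s*["\']((?:%u[0-9a-fA-F]{4})+)["\']')
# while (x.length < N) x += x;  -- the string-doubling growth loop
DOUBLING_RE = re.compile(
    r'while\s*\(\s*(\w+)\.length\s*<\s*(?:0x[0-9a-fA-F]+|\d+)\s*\)\s*\{?\s*\1\s*\+=\s*\1\b')
# for (...) arr[i] = block + something;  -- the array fill that does the spraying
ARRAY_FILL_RE = re.compile(r'for\s*\([^)]*\)\s*\{?\s*\w+\s*\[[^\]]+\]\s*=\s*(\w+)\s*\+\s*\w+')


@dataclass
class SprayReport:
    score: int = 0
    reasons: list = field(default_factory=list)
    addresses: list = field(default_factory=list)  # spray targets implied by repeated units


def scan_script(src: str) -> SprayReport:
    """Score a script for heap-spray indicators; higher means more spray-like."""
    report = SprayReport()
    for m in UNESCAPE_RE.finditer(src):
        units = [u.lower() for u in re.findall(r'%u([0-9a-fA-F]{4})', m.group(1))]
        if len(units) >= 2 and len(set(units)) == 1:
            # One UTF-16 code unit repeated: a filler whose bytes double as the
            # address the spray is aimed at (two units form one 32-bit pointer;
            # the little-endian layout of two identical units equals unit*2).
            report.score += 2
            report.reasons.append(f"unescape() of repeated code unit %u{units[0]}")
            report.addresses.append(int(units[0] * 2, 16))
        elif len(units) >= 64:
            report.score += 1
            report.reasons.append(f"unescape() of a long %u blob ({len(units)} units)")
    doubled = DOUBLING_RE.search(src)
    if doubled:
        report.score += 2
        report.reasons.append(f"string '{doubled.group(1)}' doubled in a size loop")
    filled = ARRAY_FILL_RE.search(src)
    if filled:
        report.score += 1
        report.reasons.append(f"array filled with '{filled.group(1)}' + data in a loop")
        if doubled and filled.group(1) == doubled.group(1):
            report.score += 1  # the doubled block is exactly what gets sprayed
            report.reasons.append("sprayed block is the doubled string")
    return report


def is_likely_heap_spray(src: str, threshold: int = 4) -> bool:
    """Threshold is an illustrative choice; tune it against real traffic."""
    return scan_script(src).score >= threshold


if __name__ == "__main__":
    for name, src in (("benign", BENIGN_SCRIPT), ("spray", SPRAY_SCRIPT)):
        r = scan_script(src)
        print(f"{name}: score={r.score} addresses={[hex(a) for a in r.addresses]}")
        for reason in r.reasons:
            print("  -", reason)
```

Scoring separate indicators and then linking them (the doubled string being the one copied into the array) keeps a single unescape() of a short literal, which legitimate pages use, from tripping the check on its own. Obfuscated sprays (split strings, eval, alternative fillers) will evade these regexes; the point is the shape of the idiom, not a complete signature.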

Details about this vulnerability, as well as exploit code, are known to be publicly available.

More information on this situation will be posted as it becomes available.



Copyright © 2010 The Security Blog. All rights reserved.