Internet Explorer zero day exploit may have targeted nuclear workers


Security researchers at Invincea discovered an exploit in Microsoft’s Internet Explorer 8 late last month that would allow an attacker to remotely execute malicious code on a victim’s computer. Normally such a flaw wouldn’t be particularly newsworthy, but malicious code designed to take advantage of this exploit was discovered on a US Department of Labor website.

That website linked to a database used by former Energy Department employees who had worked with nuclear weapons or uranium, according to reports. Officials believe the hackers may have been compromising one government department in order to gain access to another.

Microsoft acknowledged the exploit over the weekend, issuing a security advisory for IE8 only. Versions 6, 7, 9 and 10 are not affected, Microsoft said. The advisory notes the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory and allow an attacker to execute code, the advisory said.

Invincea noticed that the DoL website appeared to be redirecting users to another website that installed a version of the Poison Ivy Trojan on the victim’s computer. Once installed, it would scan the system for anti-virus programs like AVG, Avira, Bitdefender, Dr. Web, ESET, F-Secure, Kaspersky, McAfee, MSE and Sophos, just to name a few.

It goes without saying that it’s probably in your best interest to use another browser until Microsoft issues a patch for the vulnerability.
