Researchers have found two new zero-day exploits that affect Microsoft Internet Explorer, one of which was inserted onto a site that draws reputable visitors on a regular basis.
Both exploits were discovered by FireEye Labs, one based on a breached website in the US and the other “in the wild”, with the latter described as having the ability to be “exceptionally accomplished and elusive”.
The first exploit affects any user visiting the malicious website through a drive-by download attack, and the FireEye analysis found that the exploit affects IE 7, 8, 9 and 10.
When it came to the latter exploit, attackers inserted the zero-day exploit into a “strategically important website, known to draw visitors that are likely interested in national and international security policy,” according to FireEye, without revealing the name or URL of the site in question.
The Trojan, dubbed “the diskless 9002 RAT” by FireEye, can be removed by rebooting a PC, as it’s not on a hard drive. It targets English-language versions of IE 7 and 8 on Windows XP as well as IE 8 on Windows 7.
Although the attack is easily removed, the FireEye blog suggests the attackers have done their research when it comes to the targets and “the attackers were confident that their intended targets would simply revisit the compromised website and be re-infected.”
FireEye expects the advanced persistent threat [APT] actors to constantly “evolve and launch new campaigns for the foreseeable future”, adding that “these old dogs continue to learn new tricks.”
As for the first attack, FireEye believes it was simply serving as a threat to the general public, and the company is working together with the Microsoft Security team on research activities related to it.
Users are reminded that the best way to avoid attacks of this nature is to make sure the IE version is up to date as it will contain the latest plugins and solutions to security vulnerabilities that continue to evolve.