Tag Archives: Microsoft Internet Explorer

Identical typos in three separate zero-day attacks are one indication they were carried out by the same hacker gang, dubbed Elderwood. Courtesy of Symantec

Active attacks targeting a critical vulnerability in older versions of Microsoft’s Internet Explorer browser have been carried out by an experienced gang of hackers. And over the past four years, the group has penetrated the defenses of Google and dozens of other companies using similar zero-day exploits.

The latest attack, which works against current versions of IE 6, 7, and 8, was found late last month on CFR.org and Capstoneturbine.com, according to a variety of researchers (including Eric Romang and those from the FireEye Malware Research Lab). Such “watering hole” attacks get their name because they attempt to plant drive-by exploits into sites frequented by the people the attackers hope to infect, similar to a hunter targeting its prey as it drinks water.

Latest IE Attack Brought by Same Gang that Hacked Google | DFI News.

Cryptome.org hacked, unwillingly served malware to IE users

Famed whistleblower site Cryptome.org was hacked and infected with the nefarious Blackhole toolkit. The site unwittingly served malware code targeting Windows machines, and the infection forced a complete restoration of the site by its owners.

New York-based architect and scholar John Young, who launched the site many years ago, explained that the Blackhole code was found embedded into “every HTML file in the Cryptome main directory”, forcing a complete restoration from a clean copy of all the 6,000 files on the server.

The malware that was placed into Cryptome's web code was designed to test the visitor’s browser for any available vulnerabilities before downloading a malicious executable file to the visitor’s computer. Apparently the malware only targeted Microsoft Internet Explorer users.

The complete restoration of the Cryptome files took some time, and now the service is completely clean. Furthermore, security researcher “mrkoot” has put together additional technical notes about the attack on his site.

The new attack against the Cryptome.org server is particularly worrisome considering how sensitive the documents managed by its owners are. Founded in June 1996, the whistleblower site started collecting and publishing “prohibited” and even classified documents (freedom of expression, privacy, cryptology, intelligence, and more) way before Wikileaks became a worldwide media sensation.

Cryptome.org hacked, unwillingly served malware to IE users – Neowin.net.