Strong Security from the Enterprise to the Edge

Security Now Blog: Addressing Today's Information Security Issues

Zero Day Malware Attack Targeting Internet Explorer Users

by Eirik Iverson, Product Management

Less than two weeks into the new year, there is another malware attack that can infect your computer without your knowing it.  It is the first of the year; more are coming.

More exploits attacking more vulnerabilities in Internet Explorer, as well as in Firefox, Chrome, Safari, and Opera, are coming in 2010.  Predicting more malware attacks is like telling Seattle residents to expect rain in 2010.  If you are curious as to why this is so, see this explanation:

Never Ending Vulnerabilities for Web Browsers

Microsoft reports that the exploits seen in the wild so far succeed only against Internet Explorer 6 users.  However, various security intelligence organizations, as well as the advisory Microsoft posted, indicate that nearly every version of Internet Explorer is affected.

McAfee reported that the recently publicized attacks on Google by Chinese hackers, aimed at gathering information on Chinese dissidents, exploited this vulnerability.  It seems unlikely that Google was using IE6, because the organizations that still do tend to be stuck with an in-house web application that only works on IE6.  So this goes beyond IE6 to the newer versions.

Reports indicate that 30 more enterprise organizations have been targeted with this exploit.  The number of organizations targeted will grow as more malware developers create attack code and sell it to the thousands of malware distributors.  Remember, as any industry matures, it specializes.  Malware creators tend to make their money selling their binaries to malware distributors in the form of web exploit kits, automated software tools that let non-technical people launch and manage malware attacks and botnets.

What Puts You Most at Risk from These Zero Day Exploit Attacks?

Just use Internet Explorer to visit websites!  It is not just the seedy websites; any website you normally use can serve the exploit.

This is because cyber criminals have been using their malware to find and infect the computers of the webmasters who maintain websites, which is how legitimate sites end up serving the exploit.  Webmasters, like most people, believe that their anti-virus software would tell them if they were infected, or that their computer would suddenly slow down and behave oddly; neither is a reliable sign.  Organizations should require webmasters to re-image their computers at least twice a year, unless they are willing to deploy security software that stops zero-day malware attacks.

For those visiting this blog for the first time who are unfamiliar with the term zero-day: if your computer protection depends on 'virus definition files' or signature updates, consider yourself unprotected against attacks like this one, whose code has no signature yet.  There are plenty of blog posts here on the subject.

Some Attack Details on CVE-2010-0249 (or Microsoft Knowledge Base Article 979352)

From Microsoft, “The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”  In plainer terms, this is a use-after-free: Internet Explorer keeps a pointer to an object after that object has been deleted, and a crafted page arranges for that stale pointer to be used so that the browser runs code of the attacker's choosing.  When an Internet Explorer user visits a compromised website, the page exploits this flaw in a drive-by download attack that drops an executable somewhere in user space.  This temporary executable launches and assesses your computer: what operating system, the user's login privileges, installed security software, and so on.  It then downloads and installs the permanent malware best suited to your computer.  Because most cyber criminals no longer write their own malware but buy it from professionals, a zero-day drive-by download like this is built not to be noticed before, during, or after.  In other words, your computer will not slow down; that only happens once a computer carries multiple infections.
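To make the class of flaw in Microsoft's description concrete, here is an added example in C (not code from Internet Explorer or from this post, and not the actual CVE-2010-0249 bug): a tiny object pool in which a dangling reference is used after its object is deleted and the slot recycled, next to the same sequence using generation-checked handles so the stale reference is caught before it is dereferenced.  The pool, the `Element` type, the handle scheme and the handler names are assumptions of the example.

```c
#include <stdio.h>
#include <stdint.h>

/* A tiny fixed-slot allocator standing in for the browser's object heap.
   A freed slot is handed to the next allocation, which is what turns a
   dangling pointer into an attacker-influenced dereference. (Assumed for
   illustration; not how Internet Explorer manages memory.) */
#define SLOTS 4

typedef struct Element Element;
typedef int (*Handler)(Element *);

struct Element {
    const char *tag;
    Handler     on_event;     /* the function-pointer field a real UAF exploit hijacks */
    uint32_t    generation;   /* bumped on every allocation of this slot */
};

static Element  pool[SLOTS];
static int      in_use[SLOTS];
static uint32_t next_gen = 1;

static void pool_reset(void) {
    for (int i = 0; i < SLOTS; i++) in_use[i] = 0;
}

static int benign_handler(Element *e)  { (void)e; return 1; }
/* Stands in for whatever the attacker's page manages to place in the
   recycled slot; returning 0xBAD makes the hijack visible. */
static int foreign_handler(Element *e) { (void)e; return 0xBAD; }

static Element *element_new(const char *tag, Handler h) {
    for (int i = 0; i < SLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            pool[i].tag        = tag;
            pool[i].on_event   = h;
            pool[i].generation = next_gen++;
            return &pool[i];
        }
    }
    return NULL;
}

/* Like free(): the slot becomes available but its contents are not scrubbed. */
static void element_delete(Element *e) {
    in_use[e - pool] = 0;
}

/* Vulnerable pattern: a second reference survives the delete and is used later.
   Returns whatever handler the stale pointer ends up calling. */
static int vulnerable_dispatch(void) {
    pool_reset();
    Element *div   = element_new("div", benign_handler);
    Element *stale = div;                      /* alias held by, say, a pending event */
    element_delete(div);
    element_new("span", foreign_handler);      /* reclaims the freed slot */
    return stale->on_event(stale);             /* use after free: runs foreign_handler */
}

/* Hardened pattern: references are (slot, generation) handles validated before
   every use, so a deleted or recycled object is detected, not dereferenced. */
typedef struct { int index; uint32_t generation; } Handle;

static Handle handle_of(const Element *e) {
    Handle h = { (int)(e - pool), e->generation };
    return h;
}

static Element *handle_resolve(Handle h) {
    if (h.index < 0 || h.index >= SLOTS)          return NULL;
    if (!in_use[h.index])                         return NULL;  /* deleted */
    if (pool[h.index].generation != h.generation) return NULL;  /* slot recycled */
    return &pool[h.index];
}

/* Same sequence as vulnerable_dispatch(); returns -1 when the stale reference is caught. */
static int hardened_dispatch(void) {
    pool_reset();
    Element *div   = element_new("div", benign_handler);
    Handle   stale = handle_of(div);
    element_delete(div);
    element_new("span", foreign_handler);
    Element *e = handle_resolve(stale);
    if (e == NULL) return -1;
    return e->on_event(e);
}

/* Control case: a live object resolves normally and its own handler runs. */
static int hardened_live(void) {
    pool_reset();
    Element *div = element_new("div", benign_handler);
    Handle   h   = handle_of(div);
    Element *e   = handle_resolve(h);
    return e ? e->on_event(e) : -1;
}

int main(void) {
    printf("vulnerable: 0x%x\nhardened: %d\nlive: %d\n",
           vulnerable_dispatch(), hardened_dispatch(), hardened_live());
    return 0;
}
```

In the vulnerable path the `stale` pointer still looks valid after `element_delete`, but the slot has already been handed to the next `element_new`, so the call goes to whatever the new occupant installed; in a browser, the attacker's page plays the role of that second allocation.  The hardened path refuses the stale handle because the slot's generation no longer matches.  Build and run with `cc -Wall uaf.c && ./a.out`.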

Microsoft has already updated its advisory page on this vulnerability and will likely do so again.  As of January 15 there was no patch; Microsoft's advisory offered only workarounds (Data Execution Prevention, Protected Mode on the newer versions, and a High security-zone setting), not a fix, so an unpatched browser on an ordinary website remained exposed.

What Can You Do to Protect Yourself and others from these Zero Day Attacks?

Install some zero-day protection software!

Blue Ridge offers software for consumers and organizations that stops these and other zero-day drive-by download attacks, and more.  Consumers should get AppGuard, which can be tried for free for 30 days.  Organizations should investigate AppGuard Enterprise.  Both recently won “Best Anti-Malware Product” from GSN’s Homeland Security Awards.  Those that need to lock down and audit the computers in their organization might look at EdgeGuard, which includes the protections of AppGuard as well as the controls and audit capabilities an enterprise needs to plug data leaks and curb insider theft risks.
