Zero Day Attack Hits Internet Explorer 6-8
by Brandy Cross
Internet explorer users have been hit with attacks from a zero day virus in the past, but this time, an upgrade to Internet Explorer 8 won’t fix the problem. Microsoft recently admitted in a security advisory to the zero day threat when they posted a security update on December 29th, and have since them managed to release a temporary patch to protect users from the threat, while they work on a more permanent solution. But while Microsoft claims to be working day and night for a solution, the possibility of having a hijacked computer on their hands could lead many IE users to switch to another browser for the duration.
Zero Day Virus Strikes Again
In 2011 the first eight zero day threats appeared online, security experts and makers of Norton, Symantec found only 8 of them that year, but since then, numbers have been growing. In September of 2012, internet explorer users were warned that having an older version of the web browser could lead to a zero day threat. The attack used outdated I.E. browsers to download a virus and sequentially move the computer into a bot-net, which works as a further exploit to send the virus to other computers. This works by using backdoor Trojans to download information, and then using remote access Trojans to uplink and load the information to other servers. But while the zero day exploit can cause a lot of damage, including stealing personal information and data, it’s also almost virtually undetectable. Studies by Norton’s Symantec shows that only about 20-68% of zero day exploits are actually picked up by virus scanners, which can be a huge problem for anyone who doesn’t know their computer is infected.
In September, the German government actually temporarily banned Internet Explorer until Microsoft fixed the problem. The Zero Day virus that was causing the threat at that time was known as Poison Ivy, but this one is something slightly different.
Council on Foreign Relations Website Infected
Anyone visiting the CFR (Council of Foreign Relations) website with an outdated I.E. browser could find themselves at risk. A report by FireEye shows that the site has been infected with a zero day virus via its flash servers using Adobe Flash Player. Notably, I.E versions with a full patch from last year’s attack are still vulnerable to this attack. As we reported in 2012, flash is one of Windows last real weaknesses, this includes Java Sun from Oracle, Adobe Flash Player, and many more flash related players. Most people do believe that flash and Java based products are now being phased out of use, especially considering that they are relatively slow, and similar newer options such as HTML5 are now available.
Upgrade, Download a Patch, and Mitigate the I.E. Bug
Anyone who uses Internet Explorer 6 through 8 should definitely consider upgrading to I.E. 10, Microsoft claims that the newer browser might not be affected, especially since it has much newer built in security. However, as shown by Jaime Blasco, labs manager of AlienVault, the attack can and does circumvent the security precautions put in place by Microsoft. Their technologies including DEP (Data Execution Prevention) and ASLR (address space layout randomization) proved useless against the zero day attack.
Microsoft suggests that all I.E. users apply the Advanced Mitigation Kit (found via Start, All Programs, Enhanced Mitigation Experience Toolkit, and EMET 3.0.) and the Fix It Toolkit released after the last attack. After installation, both the EMET 3.0 and the Enhanced Mitigation Experience Toolkit will have to be set up to give you the best protection without taking away from your browsing ability.
Tips from the High Tech Society: You’re Internet Explorer will remain vulnerable to the zero day virus unless you upgrade it to version 9 or 10. Because users on XP or later devices cannot upgrade, we do recommend that you switch to another browser for the duration of the period. Google Chrome is excellent for speed, Firefox has a lot of tech ad-on’s, Safari can be a bit weird but does work. (Not biased or anything but Google Chrome includes the ability to use a range of free games and apps right from the browser, excellent customization tools, 5 GB free online storage, and much, much more).
You should also keep your antivirus up to date and try running it with the internet off at least once per month. Most viruses use the internet to communicate with their host, so they are easiest to remove when you are not connected.