Internet Explorer Zero-Day Exploited in the Wild by APT Group

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
An advanced persistent threat (APT), a term sometimes used to describe nation-state-backed cyber-espionage units, is using a zero-day vulnerability in the Internet Explorer kernel code to infect victims with malware.

Security researchers from Chinese antivirus maker Qihoo 360 Core have reported the issue to Microsoft this week, Bleeping Computer has learned from a member of the Qihoo 360 team.

The zero-day has been deployed in live attacks, as part of Office documents sent to selected targets.
Latest versions of IE browser affected, possibly other apps
The Qihoo 360 Core team said the zero-day uses a so-called "double kill" vulnerability that affects the latest versions of Internet Explorer and any other applications that use the IE kernel.

"After the target opens the document, all exploit code and malicious payloads are loaded from a remote server," researchers wrote today in a blog post on the Weibo micro-blogging platform.

Researchers said the attack involves the use of a public UAC bypass, reflective DLL loading, fileless execution, and steganography.
......
......
.....
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top