Researchers warn of targeted Internet Explorer zero-day flaw

Security experts are advising users to switch browsers following the discovery and exploit of a zero-day flaw in Internet Explorer.

Researcher Eric Romang said that the vulnerability was being targeted in the wild by a cybercrime group known as "Nitro gang" for malware infections. According to Romang, the vulnerability is being targeted via specially-crafted .swf file hosted on a server controlled by the criminals.

"I can confirm, the zero-day season is really not over yet," Romang said in a blog post.

"Less than three weeks after the discovery of the Java SE 7 0-day, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild."

According to Romang, the attack site actively screens users and only launches an attack when a 32-bit Windows XP system running Internet Explorer 7 or 8 is detected. Upon a successful attack the site redirects users and displays a different page.

For Microsoft, addressing the flaw would likely require an "out of band" update to be deployed ahead of the next scheduled security update on 9 October. While uncommon, the company does occasionally release the unscheduled updates to address critical vulnerabilities which are being actively targeted.

Microsoft Trustworthy Computing director Yunsun Wee said that the company was aware of the reports and is investigating the matter.

"We have confirmed that Internet Explorer 10 is not affected by this issue," Wee said in a statement provided to V3.

"We recommend customers deploy Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the web browsing experience."

Meanwhile, security experts are advising users to re-think their choice of web browsers to mitigate the risk of attack.

"If you're still running IE7, 8 or 9, today is a good day to think about switching browsers for a couple of weeks," advised SANS researcher Rob VandenBrink.