Experts have warned of a sharp hike in the number of cyber-criminals exploiting the VML flaw in IE
Malware toolkits are making it simple to exploit the Microsoft IE vulnerability

Attackers flock to Internet Explorer VML exploit

Script-kiddie virus authoring tool starts churning out custom exploit code

Shaun Nichols in California

vnunet.com, 26 Sep 2006

Security experts have warned of a sharp hike in the number of cyber-criminals actively exploiting the newly discovered VML vulnerability in Microsoft's Internet Explorer.

"More and more sites are using this exploit code," McAfee's Avert Labs virus researcher Craig Schmugar told vnunet.com

Advertisement

Inclusion of the exploit in a malware toolkit known as 'WebAttacker' has made it easier to implement, according to Schmugar.

"[WebAttacker] is known for making it easier for someone with less skill to use this toolkit to install their payload," he said.

"Tools have been posted to be able to plug in a URL and build an exploit that downloads and executes the file of choice."

Reports surfaced last Wednesday of an unpatched vulnerability in Internet Explorer's Vector Markup Language that could allow attackers to take control of a system. 

The vulnerability was first exploited through a group of adult websites hosted in Russia.

Over the weekend an existing data phishing operation started using the VML exploit in an effort to steal log-in data for financial websites, Roger Thompson, chief technology officer at Exploit Prevention Labs, told vnunet.com

The group sends out weekly spam emails informing recipients that they have received a digital card through Yahoo Greetings

While users eventually arrive at the Yahoo website, they are first taken past an exploit server that infects their system with a Trojan.

The Trojan is designed to collect all information used in online forms, allowing the attackers to collect log-in details for banking websites and online payment services such as PayPal.

The attackers have been active for four to five months. Prior to exploiting the VML vulnerability, they targeted a critical security hole in the Microsoft Data Access Components in Windows that was repaired in April. 

Even when the group was targeting the patched vulnerability, the attackers harvested 200MB of data every week, according to Thompson's research.

He predicted that the group will ensnare even more victims now that it has started exploiting the unpatched VML exploit.

Continued on page 2 >
  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation