Hackers used previously unknown Internet Explorer flaw in attacks

Published February 14, 2014
Security firm FireEye Inc discovered the attacks against Microsoft Internet Explorer 10 this week. — File Photo
Security firm FireEye Inc discovered the attacks against Microsoft Internet Explorer 10 this week. — File Photo

SAN FRANCISCO: A previously unknown flaw in a recent version of Microsoft Corp's Internet Explorer web browser is being used to attack Internet users, including some visitors to a major site for US military veterans, researchers said Thursday.

Security firm FireEye Inc discovered the attacks against IE 10 this week, saying that hundreds or thousands of machines have been infected. It said the culprits broke into the website of US Veterans of Foreign Wars and inserted a link that redirected visitors to a malicious web page that contained the infectious code in Adobe Systems Inc's Flash software.

FireEye researcher Darien Kindlund said that the attackers were probably seeking information from the machines of former and current military personnel and that the campaign shared some infrastructure and techniques previously attributed to groups in mainland China.

He said planting backdoors on the machines of VFW members and site visitors to collect military intelligence was a possible goal.

A VFW spokeswoman didn't immediately respond to requests for comment.

A Microsoft spokesman said the company was aware of the "targeted" attacks and was investigating. "We will take action to help protect customers," said spokesman Scott Whiteaker.

The latest version of the browser is IE 11, which is unaffected, and a Microsoft security tool called the Enhanced Mitigation Experience Toolkit also protects users who have installed that.

Previously unknown flaws in popular software are a key weapon for hackers and are sold by the researchers who discover them for $50,000 or more, brokers say.

They are most often bought by defense contractors and intelligence agencies in multiple countries, but some of the best-funded criminal groups buy them as well.

Opinion

Editorial

‘Source of terror’
Updated 29 Mar, 2024

‘Source of terror’

It is clear that going after militant groups inside Afghanistan unilaterally presents its own set of difficulties.
Chipping in
29 Mar, 2024

Chipping in

FEDERAL infrastructure development schemes are located in the provinces. Most such projects — for instance,...
Toxic emitters
29 Mar, 2024

Toxic emitters

IT is concerning to note that dozens of industries have been violating environmental laws in and around Islamabad....
Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...