Zero-day exploit is being used to attack fully patched systems

A newly detected exploit is already being used to attack fully patched Windows systems. Any computer running the Microsoft Internet Explorer web browser is vulnerable, researchers at Sunbelt Software, makers of the CounterSpy spyware remover, state. According to them, the latest exploit utilizes a previously unknown flaw in Internet Explorer to run malicious code on the victim’s computer. This code rapidly downloads from the Internet and installs dangerous trojans and worms, notorious spyware and adware parasites, a keylogger and even corrupt anti-spyware. However, more malware might be dropped to compromised systems, as researchers haven’t fully analyzed the risk yet. It is known that variants of the infamous pests like VirtuMundo, webHancer, Surf SideKick, Internet Optimizer, DollarRevenue, Spybot, SpySheriff, etc. are among the threats the exploit installs.

Currently, the exploit is being hosted at several pornographic web sites. And that’s only the beginning. Hundreds of hackers and malware distributors around the world will definitely want to get the exploit and put it to numerous malicious sites or even legitimate resources. Incidents occured in first few months of this year, when a similar Internet Explorer exploit has been injected to hundreds of legit sites, can be considered as arguments for such an assumption.

As it was said above, even fully patched systems are vulnerable. However, as the exploit utilizes a flaw found only in Microsoft Internet Explorer, users surfing the Internet with Mozilla Firefox and Opera web browsers should be safe. It is highly recommended to stop using Internet Explorer for a while and switch to any alternative browser that doesn’t use IE’s engine. In other words, switch to Mozilla Firefox or Opera, as Maxthon, Avant Browser, AOL Explorer or any similar products are vulnerable as well. Users who simply cannot give up using IE, will need to disable JavaScript completely.

We will keep you informed as more details become available.

Your opinion regarding Zero-day exploit is being used to attack fully patched systems

Like us on Facebook