Tuesday, November 12, 2013

Internet Explorer: another day, another Day Zero bug being exploited

If you use IE as your primary browser, I recommend switching to Firefox for a month.  Or two:

Security researchers have discovered new zero-day vulnerabilities in Internet Explorer that are already being harnessed by hackers to run a new type of drive-by attack.

FireEye, the security firm that discovered the attack method, said that the flaw is present in various versions of Internet Explorer 7, 8, 9 and 10, while running Windows XP or Windows 7.


Malware slung via the latest exploit is designed to load directly into the memory of victimised Windows PCs, bypassing the hard drive. The tactic makes it harder for antivirus software or similar security tools to detect and block the attack.

However, simply rebooting compromised machines would appear to remove them from the botnet, so what this new type of attack gains in stealth, it loses in persistence. FireEye posits that "the use of this non-persistent first stage may suggest that the attackers were confident that their intended targets would simply revisit the compromised website and be[come] re-infected".

Microsoft is said to be patching the last Day Zero* bug in today's Patch Tuesday (we won't really know until it comes out).  But it's concerning that we hear about this only after exploits are circulating in the wild.  While all programs (including Firefox) have security bugs, Firefox tends to be much faster in getting fixes out.

So get Firefox.  Err, and reboot.  You'll feel better.

* A "Day Zero" bug is a security flaw that is being exploited by malware, and for which no fix has been released.  Nasty stuff.


Dave H said...

How do you feel about the Chrome browser? I noticed Google has abandoned all pretense of giving users a choice about if or when to upgrade, but all I've seen them do with the involuntary updates so far is change the color scheme to be more tablet friendly. I still use it over Firefox because the fox has come to feel almost as bloated as IE.

Borepatch said...

Dave, Chrome is OK. It's from Google, and I don't like their data surveillance, but security-wise it's fine.