BitDefender® has released an emergency update to protect computer users against the newly-discovered flaw in Internet Explorer® versions 6 and 7 which could allow remote code execution, after tricking the user into visiting a malicious web page. Microsoft has issued a warning bulletin and a patch is underway to mitigate the vulnerability.
In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection and take extra caution when prompted to open files from unfamiliar locations.
Potential risk scenario
Initially, a prospective victim is lured into visiting a specially crafted web link advertised either via spam messages or as posted on bulletin boards, social networks etc. This webpage contains JavaScript code obfuscated by using the escape function. In order to bypass detection from antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.
The decrypted result is actually the malicious payload which will trigger a heap spray attack and will write the malicious code into the browser’s User Data area, making it persistent. Every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download), which will result in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).
Mitigating the risks
Microsoft has announced that the exploit is already in the wild and that users will be provided with a fix ‘as soon as possible.’ Since Internet Explorer® 8 is not vulnerable to the attack, the next logical step would be to upgrade immediately. However, many custom-made applications in the corporate environment are strongly interconnected with IE 6 or IE 7 and might not work as expected on Internet Explorer 8.
BitDefender is currently detecting the exploit and blocking the malicious code before it is able to inflict any damage to a user’s computer. Moreover, all BitDefender customers have been proactively protected against the infected binaries which the exploit is trying to install on the local machine.
Graphics are available on request.
BitDefender will be participating at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
About BitDefender®
BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry’s anti-malware innovator.
Every day, BitDefender protects tens of millions of home and corporate users across the globe — giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company’s security solutions press room. Additionally, BitDefender’s www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.
For more information visit http://www.bitdefender.co.uk
Contact:
Alan Wild
PR Manager BitDefender (UK and Ireland)
Tel: 0845 130 5096
E-mail: awild@bitdefender.co.uk
Issued by:
Mike Ottewell
MJO PR for BitDefender UK
Tel: 01538 361217
E-mail: mike@mjopr.com
– Mike Ottewell 12-03-2010
Authors bio is coming up shortly.