Eric Romang discovered an exploit for IE on one of the servers that are used by participants hacker group Nitro.
Security researcher Eric Romang said in his blog that he had found an exploit for a previously unknown vulnerability in Internet Explorer. According to the expert, he studied the compromised servers that used the hacker group members Nitro.
In the director /public/help found 4 files (exploit.html, Moh2010.swf, Protect.html and 111.exe), which attracted the attention Romanga. All files have been opened on the test car with all-new OC Windows XP Professional Edition SP3, as well as the latest versions of Adobe Flash. The launch of these files has resulted in a system file was downloaded dropper.
According to the researcher, when opening web-pages exploit.html, in the victim’s browser loads Flash video, which in turn loads another HTML page protect.html. After that, the victim’s system is installed executable 111.exe. Thus, an attacker can compromise a vulnerable system.
Researchers Vulnhunt also published an analysis of the exploit, and confirmed his danger, and the fact that it is a vulnerable Internet Explorer. Team members Metasploit said that he is developing a module exploit. “Yes, @ _juan_vazquez_ and I’ve been working on it …” – said the developer in their account in Twitter. Read more
I recommend readers to limit visiting untrusted resource using Internet Explorer prior to issuing a fix from Microsoft Corporation.
MALWARELIST.net - Your Information Security Source 