IE exploit distributes PlugX malware, researchers say - brumfieldgince1938
Researchers from security vendor AlienVault have identified a variant of a recently discovered Internet Explorer exploit that is used to infect targeted computers with the PlugX remote access Trojan (RAT) program.
The newly discovered exploit variant targets the same unpatched vulnerability in IE 6, 7, 8 and 9 as the original exploit, but uses slightly different code and has a different payload, AlienVault Labs manager Jaime Blasco said Tuesday in a blog post.
The first exploit was found over the weekend on a known malicious server by security researcher Eric Romang and distributed the Poison Ivy RAT. The second exploit version, discovered by AlienVault researchers, was found on a different server and installs a much newer RAT program called PlugX.
However, file modification dates seen on both servers suggest that some versions of the exploit have been in use since at least September 14.
"We know that the group actively using the PlugX malware also called Flowershow had access to the Internet Explorer ZeroDay [exploit targeting an unpatched vulnerability] days before it was uncovered," Blasco said. "Due to the similarities of the newly discovered exploit code and the one discovered some days ago it is very likely that the same group is behind both instances."
AlienVault researchers have been tracking attacks that use the PlugX RAT since early this year. Based on file debug paths found inside the malware, they believe that the relatively new RAT was developed by a Chinese hacker called WHG, who had previous ties with the Network Crack Program Hacker (NCPH), a well-known Chinese hacker group.
AlienVault researchers have also identified two additional websites that served the new IE exploit in the past, but no payload could be obtained from them, Blasco said. One was a defense news site from India and the other was probably a fake version of the 2nd International LED professional Symposium website, he said.
"It seems the guys behind this 0day were targeting unique industries," Blasco said.
The server where the original IE exploit was found also stored an exploit for an unpatched Java vulnerability last month. That Java exploit was used in attacks attributed by security researchers to a Formosan hacker group dubbed "Nitro."
Microsoft has already released a security advisory about the new IE vulnerability and recommended working mitigation solutions while it works on a patch.
Source: https://www.pcworld.com/article/461387/ie-exploit-distributes-plugx-malware-researchers-say.html
Posted by: brumfieldgince1938.blogspot.com