The gang behind what FireEye has dubbed the "Operation Snowman" attack campaign appears to have hacked into the VFW Website and altered its HTML code, including introducing JavaScript that creates a malicious iFrame that targets a never-before-seen use-after-free bug in the IE10 browser. The bug allows the attackers to bypass two defensive technologies -- address space layout randomization (ASLR) and data execution prevention (DEP) -- that are meant to lock down the browser against these types of attacks.
If the attack is successful, the malicious JavaScript routine loads a Flash object that drops a payload, which downloads a ZxShell backdoor onto the targeted PC. "Those looking after IE10 users may want to keep an eye on their proxy logs for the follow-on download as a potential indicator" of the attack, said SANS Internet Storm Center handler Chris Mohan in a blog post.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.