Internet Explorer users are warned against Poison Ivy

Sep 18, 2012 by Nancy Owano

(Phys.org)—More than a few Internet Explorer users stand vulnerable to fresh attacks of Poison Ivy. In the latest headline in the "Internet Explorer has a flaw" saga, a security hole in Internet Explorer 7, 8, and 9 is being exploited. Attackers can spring a back-door Trojan on an IE browser victim's computer. The Trojan is known as Poison Ivy. Security researchers say the IE hole is new to them. They say the attacks have already taken place. Eric Romang, a security researcher, spotted the flaw a few days ago and blogged that a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild.

Rapid7, a security company, said it was a zero-day making Internet Explorer 7, 8, and 9 vulnerable on Windows XP, Vista and 7 systems. Computers can be attacked when their users visit a malicious website, which hands over privileges to the attacker. The attacker can run code of his choice in the context of the user. The attacker can delete or add files or change registry values. Security experts, like Rapid7, are advising business and general consumer users to avoid Internet Explorer until Microsoft issues a patch. Rapid7 advised Internet users to switch to other browsers such as Chrome or Firefox while waiting for a security update. HD Moore, CSO of Rapid7, said, though, that avoiding the browser might not even be enough, as many applications rely on the IE engine to render HTML.

The exploit had already been used by malicious attackers in the wild, but on Monday Rapid7 released an exploit module for Metasploit to allow security teams to get closer to the situation. They can use it to simulate attacks that exploit the vulnerability in Internet Explorer and see whether their own systems are vulnerable. Metasploit is a collaboration between the open source community and Rapid7.

"We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures," according to Rapid7.

Security watchers believe that the attacks are being made by the same people who previously figured out how to exploit a vulnerability in Oracle's Java framework. Sleuths peg the IE exploits on the China-based group called Nitro, a group that first made news last year when Symantec said they had done their mischief at 48 businesses.

Romang said the zero-day season is not over yet. Microsoft said it is investigating reports of the bug.

In the near term, as an interim step, Microsoft is urging Windows users to install free software designed to protect the browser. The tool is called the Enhanced Mitigation Experience Toolkit, or EMET. Microsoft says it is designed to help prevent hackers from gaining access to your system. "The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques," according to Microsoft. "These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use."

More information: www.rapid7.com/downloads/metasploit.jsp
www.microsoft.com/en-us/download/details.aspx?id=29851


User comments : 14

kochevnik
1 / 5 (5) Sep 18, 2012
Running winblows without Kaspersky is like running down the street naked.
dogbert
1 / 5 (2) Sep 18, 2012
How long has IE been around and it has a back door vulnerability?

Microsoft said it is investigating reports of the bug.


You would think Microsoft would have always known of any back doors and would not have to investigate anything.
Bowler_4007
5 / 5 (1) Sep 18, 2012
How long has IE been around and it has a back door vulnerability?

Microsoft said it is investigating reports of the bug.


You would think Microsoft would have always known of any back doors and would not have to investigate anything.

a backdoor is something left in the code by a programmer to gain an advantage.. some bugs are only bugs when there is a technique to exploit them, somebody could theoretically write a program with no errors and that could potentially be exploited in one way or another, past a certain point it's down to the algorithms being able to deal with this stuff rather than coding quality.. like anything there is always room for improvement
Deathclock
3.7 / 5 (3) Sep 18, 2012
Who still uses internet explorer?
DarkHorse66
not rated yet Sep 18, 2012
Who still uses internet explorer?

My university, for one. They have a contract with Microsoft....blech
Long live Firefox portable, on my usb-stick....!
It's about 176KB and fully functional.
Cheers, DH66
dogbert
1 / 5 (2) Sep 18, 2012
Bowler_4007,

Yes I know what a backdoor is. Production software should not be designed or distributed with back doors.

If you code in a back door, you know you coded it into the software. You are not surprised that you have a back door and you don't have to investigate. You already know.
Deathclock
5 / 5 (1) Sep 18, 2012
What the hell are you guys talking about? Backdoors are hardly ever intentionally included by the developer... malicious software "installs" backdoors most of the time using other vulnerabilities.

http://en.wikiped...uting%29
Bowler_4007
not rated yet Sep 18, 2012
What the hell are you guys talking about? Backdoors are hardly ever intentionally included by the developer... malicious software "installs" backdoors most of the time using other vulnerabilities.

http://en.wikiped...uting%29

yes i know back doors are hardly ever included by the dev that was my point, dogbert said M$ should know of all back doors, well if M$ did include some and that was ever proved that M$ would be in hot water so we can safely assume that there are no back doors for M$ to know about, as for ones put in place by malicious code M$ will probably know not long after someone manages to create one
Deathclock
not rated yet Sep 18, 2012
yes i know back doors are hardly ever included by the dev that was my point


Sorry then, when you said "a backdoor is something left in the code by a programmer to gain an advantage.." I thought you meant the original developer left it intentionally...
Bowler_4007
not rated yet Sep 18, 2012
yeh normally thats what they are i was just defining "back door", if malicious software modifies the other software so that a back door is made they programmed it indirectly because they program the malicious code to make the back door
IronhorseA
not rated yet Sep 18, 2012
Actually, production software very often has leftover code from the design and testing phase due to the fact that it would cost money to remove the code. It's pretty much situation dependent.
Caliban
not rated yet Sep 18, 2012

yes i know back doors are hardly ever included by the dev that was my point, dogbert said M$ should know of all back doors, well if M$ did include some and that was ever proved that M$ would be in hot water so we can safely assume that there are no back doors for M$ to know about, as for ones put in place by malicious code M$ will probably know not long after someone manages to create one


Not necessarily --how long were Stuxnet and Flame living out there in the environment before Kaspersky detected them?

Exactly.

alfie_null
not rated yet Sep 19, 2012
I wonder how much this sort of publicity costs Microsoft? No doubt they have it figured, as they determine how to allocate resources, how much to allocate to IE security issues.

The other day I noticed a TV ad promoting IE. Ironically, it was nestled amongst a bunch of ads for droids and iphones. How much bug-fixing could be done for the cost of one TV ad?
dogbert
1 / 5 (1) Sep 19, 2012
How much bug-fixing could be done for the cost of one TV ad?

Security has never been a priority for Microsoft in its browser. ActiveX in the browser says that.
