The US military may be trained to dodge bullets and bombs, but now they are being targeted with bits and bytes in the ever-expanding cyberwar. Microsoft has confirmed that flaws in its Internet Explorer 10 browser have been exploited to spread malware on web sites frequented by US military personnel and veterans. The attacks are also effective if you are using Internet Explorer 9.
An interesting aspect of this attack is that a key Windows anti-exploit feature, Address Space Layout Randomization (ASLR), was overcome using Adobe’s Flash ActionScript, which loaded the infected animation into memory.
FireEye believes that this attack is related to two attacks traced to Chinese sources, including one that targeted US military and intelligence personnel. It may not be a coincidence that the attack occurred over the Presidents Day holiday weekend, when many US government employees have time off and could be spending more personal time online. The weekend was also an opportune time because snowstorms in the Washington DC area resulted in many government employees working from home or taking time off.
The attack is a classic “drive-by download” that victimizes site visitors at random. However, the sites the attacks targeted suggest that the hackers are on a fishing expedition for information available to the US military, classified or otherwise. In other words, this is high-tech espionage with a wide net. Skeptics who do not believe there really is a cyberwar should take note.
Because of these and other exploits, security experts recommend not using Internet Explorer 10. We would heartily recommend the security-enhanced, Chromium-based browser Comodo Dragon. We would also point out that zero-day exploits such as this are not a concern to users protected by Comodo Internet Security, which safely sandboxes any program that it cannot confirm as safe to run on their system.