Internet Explorer 10 Exploit Used to Target U.S. Military

February 18, 2014 | By Kevin Judge

The US military may be trained to dodge bullets and bombs, but now they are being targeted with bits and bytes in the ever-expanding cyberwar. Microsoft has confirmed that flaws in its Internet Explorer 10 browser have been exploited to spread malware on web sites frequented by US military personnel and veterans. The attacks are also effective if you are using Internet Explorer 9.

Last week, the internet security firm FireEye first identified the previously unknown “Zero Day Exploit” compromising the web site for the Veterans of Foreign Wars, vfw.org. According to FireEye, the attackers compromised the web page and added an iFrame (an inline frame), which loads a page containing JavaScript and a Flash animation infected with malware. Page users were then redirected to a remote site where a complete payload of malware was downloaded and executed on their computers.

An interesting aspect of this attack is that a key Windows anti-exploit feature, Address Space Layout Randomization (ASLR), was overcome using Adobe’s Flash ActionScript, which loaded the infected animation into memory.

FireEye believes that this attack is related to two attacks traced to Chinese sources, including one that targeted US military and intelligence personnel. It may not be a coincidence that the attack occurred over the Presidents Day holiday weekend, when many US government employees are off work and could be spending more personal time online. The weekend was also an opportune time because snowstorms in the Washington DC area resulted in many government employees working from home or taking time off.

The attack is a classic “drive-by download” that victimizes site visitors at random. However, the sites the attacks targeted suggest that the hackers are on a fishing expedition for information available to the US military, classified or otherwise. In other words, this is high-tech espionage with a wide net. Skeptics who do not believe there really is a cyberwar should take note.

Because of these and other exploits, security experts recommend not using Internet Explorer 10. We would heartily recommend the security-enhanced, Chromium-based browser Comodo Dragon. We would also point out that Zero Day exploits such as this are not a concern to users protected by Comodo Internet Security, which safely sandboxes programs that it cannot confirm as safe to run on their system.
