A new zero-day Internet Explorer 8 vulnerability was recently used by hackers to install trojans on systems of Dept. of Labour employees.
1 Star2 Stars3 Stars4 Stars5 Stars (Rate This)
Loading...

A security firm recently found out that a zero-day vulnerability in Internet Explorer 8 has been used by hackers to install malicious trojans on the systems of nuclear weapons researchers and Department of Energy employees. Microsoft has confirmed the exploit and has provided guidelines on how to patch the exploit.


Internet Explorer 8

Interestingly, the zero-day exploit that has been found in Internet Explorer 8 is not found in any of the earlier or later versions of the browser. That is precisely why, Microsoft has advised the users to upgrade to later versions of the browser, so as to avoid incurring any harm due to the exploit.

Since the attack was directed at such employees who are directly involved with nuclear weapons, there are hints that it originated somewhere outside of the U.S. The attack involved compromising the U.S. Department of Labor website, which was then used as the home base to redirect users to other malicious links.

The exact web pages that were eventually hacked, were about such employees or contractors who have incurred different illnesses while working on atomic weapons. Once the computers of these employees were compromised due to the IE 8 exploit, a well-known trojan ‘Poison Ivy’ was installed on their machines. The trojan had been modified so that it could be detected only by 2 of the top 46 antivirus software. This essentially means that the attack was very sophisticated.

While such users who can update their browser from IE 8 to IE 9 or IE 10 are safe from the exploit, others who are not able to update their browser must follow these guidelines:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Source: Invincea

Courtesy: Arstechnica

Buy Cheapest Related Product From Amazon.com


Facebook Can Lead To Psychosis, Reveals Study

Indiegogo Campaign Launched For Gathering Money To Help Survivors Of Savar Garments Tragedy
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On May 5, 2013(3 years, 4 months ago.)

You May Also Like:

What Do You Think?

1 Response

  1. Tsais Says:

    One would expect nuclear weapons researchers to be too smart to use IE, no?

    I had thought this kind of physics required a high IQ…

    Posted on May 6th, 2013 at 6:48 PM

Leave a Reply




Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.


Recent Search

Recent Tutorials

There is a high-risk XSS Vulnerability in W3 Total Cache, and we have got the guide to the fix for you.
Check out this tutorial to know how to install Apple watchOS 3 beta certificate on your Apple Watch and start enjoying the new version.
If you are trying to jailbreak iPhone, iPad or iPod on iOS 9.2 - 9.3.3 without using a computer or Apple ID, then check this video tutorial.
Pokemon Go users are complaining about the crashing and server issues. Check out the tutorial to solve error problems and thanks us later.
Turning off Wi-Fi Assist is a great way to save mobile data since it automatically starts using cellular data when Wi-Fi signal is poor .
If you want to secure your SIM card from others using it, then check out this tutorial to know how to set up the SIM Pin code on your iPhone.
CiderTV is a great alternative to control Apple TV from the Notification Center. Check out this tutorial to set up CiderTV on your iPhone.
Are you annoyed by the split screen mode on the iPhone 6 Plus or 6s Plus? Check out this quick tutorial to turn off split screen feature.
If you could not wait to installed the iOS 10 beta version on you iPhone and now struggling for the errors, then this tutorial is for you.
Siri might not understand the question you asked. But you can use Siri by editing the text that you asked & it will give an updated answer.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook