Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Elite hacker gang pulls out another IE zero-day from bottomless pocket

Gregg Keizer | Jan. 7, 2013
An elite hacker group credited last year with having an inexhaustible supply of zero-day vulnerabilities was responsible for digging up and first using the newest unpatched bug in Internet Explorer (IE), a Symantec manager today.

Microsoft's hand may be forced if recent online reports are accurate. Those reports, citing researchers who said they have spotted exploits of the IE bug being served by other compromised websites, may indicate an uptick in the number of attacks, often a factor in whether Microsoft issues an emergency update.

Narang was unable to confirm the additional attack sources, or say whether Elderwood was behind them.

Attack code, however, has been public since Saturday, Dec. 29, when a module was added to the open-source Metasploit penetration testing framework, a tool used by legitimate researchers and cyber criminals alike.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.