Well, for the third time since they introduced the patch release cycle, Microsoft is set to release a third out of band patch. The patch will address the zero day flaw that came to light last week. This particular problem apparently affects IE5, IE6, IE7 and IE8 beta 2.
The CBC wrote:
The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now,” Paul Ferguson, a Trend Micro security researcher, said Monday.
Trend released a rudimentary signature for this exploit shortly after but, it could be easily bypassed. This may exploit may very well repurposed already. According to the site that broke the story in China, Knownsec, talk of this exploit has been around since earlier this year.
From the Websense alert we see that the majority of malicious sites are being served from China currently.
From Websense:
The majority of the exploits that we analyzed download a malicious Trojan from Web sites that have been categorized by Websense since September of this year. This indicates that the exploit writers have been operating for some time. They may have purchased the exploit, or possibly discovered it on their own, and timed the attack to follow Microsoft’s regular patch cycle.
Our research finds that the majority of malicious sites serving this exploit are originating from China (e.g ASN number AS4134 – CHINANET-BACKBONE No.31, Jin-rong Street).
As soon as the patch is available tomorrow we will be sure to update. Until then, browse safe.
UPDATE: As promised here is the link is all of it’s glory. Ger yer patch on.
