The time has come to upgrade to IE9 or 10 for all Windows users. A zero day attack started on a specific group of government workers government workers:
"The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," Invincea researchers wrote in a separate report published Wednesday.
cruising a Dep’t of Labor website which deals with illnesses observed in nuclear workers. This kind of attack using a targeted webpage to infect computers is called a “watering hole” attack as the website serves the targeted users, specifically.
Originally the vulnerability surfaced on IE8 Windows XP computers. The attack starts with a “redirect” browser hijack to imtermediary sites which then exploit the zero day vunerability using a variant of the “Poison Ivy” backdoor Trojan.
There are experts who are convinced that IE8 on Windows Vista and Windows 7 makes those systems vulnerable as well, but that is unconfirmed.
If you can’t move on from IE8, MS has issued these instructions:
- Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
This attack was generated by “DeepPanda” a group of hackers believed to be in China.