Zscaler Blog

Security Research

Spike Of "iepeers.dll" Exploits

JULIEN SOBRIER
May 18, 2010 - 1 min read

We have seen a spike in exploits using the CVE-2010-0806 "iepeers.dll" vulnerability since this past weekend. The vulnerability affects Internet Explorer 6 and 7.

We have seen this exploit in the wild since that day, usually a few times a week. However, this past weekend, we witnessed a spike of several hundred exploits a day. They all come from the same type of URL (hxxp://1269754898890.9934.eu.tv/mm/index.html) with different numbers for the sub-domains. The content of the malicious pages is exactly the same.
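An added example, not part of the original post: one way to search web proxy logs for the URL shape described above and see the per-day spike. The three-field log format, the sample lines, and the reading that every label to the left of eu.tv is numeric are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: "different numbers for the sub-domains" means every label to the
# left of eu.tv is all digits; the path is the one quoted in the post.
CAMPAIGN_PATH = "/mm/index.html"
NUMERIC_LABEL = re.compile(r"[0-9]+")

# Constructed sample log, one request per line: date, client IP, URL.
SAMPLE_LOG = """\
2010-05-13 10.0.0.5 hxxp://1269754898890.9934.eu.tv/mm/index.html
2010-05-15 10.0.0.7 hxxp://1269754898891.9934.eu.tv/mm/index.html
2010-05-15 10.0.0.8 hxxp://1269754898892.9934.eu.tv/mm/index.html
2010-05-15 10.0.0.8 hxxp://1269754898892.9934.eu.tv/mm/index.html
2010-05-15 10.0.0.9 http://www.eu.tv/mm/index.html
2010-05-15 10.0.0.9 http://1234.example.com/mm/index.html
2010-05-16 10.0.0.7 hxxp://1269754898893.9934.eu.tv/mm/other.html
""".splitlines()

def matches_campaign(url):
    """True if the URL has the numeric-subdomain shape described in the post."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)  # accept defanged URLs
    try:
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
    except ValueError:
        return False
    if len(labels) < 3 or labels[-2:] != ["eu", "tv"]:
        return False
    return parts.path == CAMPAIGN_PATH and all(
        NUMERIC_LABEL.fullmatch(label) for label in labels[:-2])

def daily_summary(log_lines):
    """Map each day to hit count, distinct hosts and distinct clients."""
    days = defaultdict(lambda: {"hits": 0, "hosts": set(), "clients": set()})
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3 or not matches_campaign(fields[2]):
            continue  # malformed line or unrelated URL
        day, client, url = fields
        entry = days[day]
        entry["hits"] += 1
        entry["hosts"].add(url.split("/")[2].lower())
        entry["clients"].add(client)
    return dict(days)

if __name__ == "__main__":
    for day, e in sorted(daily_summary(SAMPLE_LOG).items()):
        print(day, e["hits"], "hits,", len(e["hosts"]), "hosts,", len(e["clients"]), "clients")
```

A jump in distinct hosts per day alongside the hit count is what separates rotating sub-domains from one page being reloaded.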

The code is well obfuscated: it is split between several files and uses eval, DOM references, and exceptions (try ... catch). From the information I could gather, the exploit page was written by Chinese hackers to target Chinese users. Part of the intermediate code generated is written with Chinese characters. Samples of the exploits have been reported in a couple of Chinese forums. It seems that users get redirected to the exploits from other websites, mainly through hacked sites.

Here is what the original source code looks like:
[Image: Source code of the "iepeers.dll" exploits used in recent attacks]


The page does not require any user interaction. The exploit runs as soon as the user gets redirected to this page.

-- Julien
