IE Zero-Day Lures Discovered

Date: 03.30.2006

Threat Type: Malicious Code / Malicious Website

This is an update to earlier alerts posted regarding the spread of a new unpatched vulnerability in Microsoft® Internet Explorer (createTextRange). The original alert can be read here: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=449.

Microsoft has posted additional information regarding this vulnerability in Security Advisory (917077): http://www.microsoft.com/technet/security/advisory/917077.mspx.

Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail. This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.

Infected website screenshot: