Email

Hackers used previously unknown Internet Explorer flaw in new attacks

A sign is pictured in the hallway of the Microsoft Cybercrime Center, the new headquarters of the Microsoft Digital Crimes Unit, in Redmond, Washington November 11, 2013. Microsoft, the maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center. Picture taken November 11, 2013. To match Feature MICROSOFT-CYBERCRIME/ REUTERS/Jason Redmond (UNITED STATES - Tags: BUSINESS SCIENCE TECHNOLOGY CRIME LAW)

(Reuters) – A previously unknown flaw in a recent version ofMicrosoft Corp’s Internet Explorer web browser is being used to attack Internet users, including some visitors to a major site for U.S. military veterans, researchers said Thursday.

A sign is pictured in the hallway of the Microsoft Cybercrime Center, the new headquarters of the Microsoft Digital Crimes Unit, in Redmond, Washington November 11, 2013. Microsoft, the maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center. Picture taken November 11, 2013. To match Feature MICROSOFT-CYBERCRIME/ REUTERS/Jason Redmond (UNITED STATES – Tags: BUSINESS SCIENCE TECHNOLOGY CRIME LAW)

Security firm FireEye Inc discovered the attacks against IE 10 this week, saying that hundreds or thousands of machines have been infected. It said the culprits broke into the website of U.S. Veterans of Foreign Wars and inserted a link that redirected visitors to a malicious web page that contained the infectious code in Adobe Systems Inc’s Flashsoftware.

FireEye researcher Darien Kindlund said that the attackers were probably seeking information from the machines of former and current military personnel and that the campaign shared some infrastructure and techniques previously attributed to groups in mainland China.

He said planting backdoors on the machines of VFW members and site visitors to collect military intelligence was a possible goal.

A VFW spokeswoman didn’t immediately respond to requests for comment.

A Microsoft spokesman said the company was aware of the targeted attacks and was investigating. We will take action to help protect customers, said spokesman Scott Whiteaker.

The latest version of the browser is IE 11, which is unaffected, and a Microsoft security tool called the Enhanced Mitigation Experience Toolkit also protects users who have installed that.

Previously unknown flaws in popular software are a key weapon for hackers and are sold by the researchers who discover them for $50,000 or more, brokers say.

They are most often bought by defense contractors and intelligence agencies in multiple countries, but some of the best-funded criminal groups buy them as well.

(Editing by Cynthia Osterman)

Related posts

Elon Musk’s new job will bring tech ‘disruption’ to the US government – and history says it won’t be pretty

Common challenges with hydraulic fluid power systems

AI feels like an unstoppable force. But it is not a panacea for businesses or society