Internet Explorer 'feature' causing drive-by malware attacks

My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks.

The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.

Schouwenberg said he reported the vulnerability to Microsoft a long time ago, warning the company that JavaScript embedded into GIF files can be executed under certain circumstances. Microsoft disagreed and the issue was never patched.

Fast forward to the latest site compromise -- on a high-traffic Web site -- where a GIF file containing an embedded iFrame is pointing IE users to a known malicious site. (The malicious site is currently offline but there's evidence that it's tied to ID-theft attacks.)

"This is a step more advanced than today's very common Web site compromises where some JavaScript gets added to the main page," Schouwenberg said.  In this case, a "view source" at the compromised site will not reveal any malicious code, making swift analysis harder.

Schouwenberg has contacted Microsoft again to reconsider its position on this issue.
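
Because a "view source" on the compromised page shows nothing, a site owner has to inspect the image files themselves. The following Python check is an added example, not code from this article or from Kaspersky Lab: it flags files that carry a GIF signature yet contain HTML or script markup. The token list, the function names and the sample bytes are constructed assumptions.

```python
import os
import re

# Markup tokens to flag. This list is an assumption, chosen to cover the
# iframe and JavaScript cases the article mentions.
MARKUP = re.compile(rb"<\s*(iframe|script|html|body)\b|javascript:", re.IGNORECASE)
GIF_MAGIC = (b"GIF87a", b"GIF89a")

# Constructed sample: a minimal, valid 1x1 GIF with no markup in it.
CLEAN_GIF = (b"GIF89a" b"\x01\x00\x01\x00\x80\x00\x00"
             b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"
             b"\x02\x02\x44\x01\x00" b"\x3b")

# Constructed sample: GIF header plus a comment extension that carries an
# iframe tag pointing at a reserved, non-resolving host name.
_PAYLOAD = b'<iframe src="http://example.invalid/"></iframe>'
SUSPECT_GIF = (b"GIF89a" b"\x01\x00\x01\x00\x00\x00\x00"
               b"\x21\xfe" + bytes([len(_PAYLOAD)]) + _PAYLOAD + b"\x00"
               b"\x3b")


def scan_gif(data: bytes):
    """Return (offset, token) pairs for markup inside GIF-signed data.

    Returns None when the data does not start with a GIF signature, so the
    caller can tell "not a GIF" apart from "GIF with no findings" ([]).
    """
    if data[:6] not in GIF_MAGIC:
        return None
    return [(m.start(), m.group(0).decode("ascii").lower())
            for m in MARKUP.finditer(data)]


def scan_tree(root):
    """Walk a web root and yield (path, findings) for suspicious .gif files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".gif"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    findings = scan_gif(fh.read())
                if findings:
                    yield path, findings


if __name__ == "__main__":
    print(scan_gif(CLEAN_GIF), scan_gif(SUSPECT_GIF))
```

Running `scan_tree` over a site's document root after a suspected compromise lists the image files that need a closer look, with the byte offset of each hit.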

Topics: Browser, Malware, Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
