Zero-day leak in Internet Explorer and Edge actively abused since 2014

The zero-day leak in Internet Explorer and Edge that was patched last Patch Tuesday has been actively used to infect internet users since 2014. Users were infected by viewing malicious advertisements. When the infection was successful, the attackers could retrieve information about the infected computer.

Malware Behavioral Patterns


The leak was reported to Microsoft by Trend Micro and Proofpoint last year. The software giant then took measures. Further investigation showed that the leak had been abused since 2014 by two groups of cybercriminals who used malicious advertisements to infect internet users with malware. The group displayed their malicious advertisements to about 1-5 million users per day.

Before the actual infection, e.g. through a vulnerability in Adobe Flash or Internet Explorer, the information disclosure zero-day in Microsoft's browsers was abused to gain information about the attacked system. This way the attackers could determine whether the attacked system belonged to a security researcher or was an automated test system from a security company. When this was the case, the systems were not infected. This way the attackers could remain undetected for a long time.
