Video Screencast Help

New Internet Explorer Zero-Day Used In Watering Hole Attack

Created: 30 Dec 2012 00:27:55 GMT • Updated: 23 Jan 2014 18:10:43 GMT • Translations available: 日本語, Português, Español
Symantec Security Response's picture
+1 1 Vote
Login to vote

 

We have received multiple reports of a new Internet Explorer zero-day vulnerability being exploited in the wild. Initial reports indicate that the website used in these attacks belong to a U.S. based think-tank organization. The site was believed to be compromised and used to serve up the zero day exploit as part of a watering hole style attacks as far back as December 21st.
 
A flash file named today.swf was used to trigger the vulnerability in Internet Explorer. The flash file is detected as Trojan.Swifi and protection has been in place for our customers since December 21st. Further details and analysis will be provided soon.
 
We have carried out in-depth research into watering hole style attacks dating back to 2009. That research and analysis is contained in a paper named The Elderwood Project, which we published in September 2012.