Security Response

New Zero-Day Vulnerability Shares Links to Hidden Lynx

Created: 12 Nov 2013 16:13:12 GMT • Updated: 23 Jan 2014 18:03:15 GMT
Posted by Symantec Security Response

On November 11, Microsoft published a blog post about a new zero-day, the Microsoft Internet Explorer Unspecified Information Disclosure Vulnerability (CVE-2013-3918), affecting an Internet Explorer ActiveX control; the flaw had been publicly disclosed on November 8. The post states that the vulnerability is scheduled to be addressed in “Bulletin 3”, released today as MS13-090 through Windows Update at approximately 10:00 AM Pacific time. As Symantec is part of the Microsoft Active Protections Program (MAPP), we are aware of this vulnerability and have the following protections in place for our customers:

Antivirus:
Bloodhound.Exploit.519

Intrusion Prevention System (IPS):
Web Attack: Internet Explorer CVE-2013-3918

Based on the information in the public disclosure, which describes this zero-day being used in a watering hole attack, Symantec has been able to link its use to a group dubbed Hidden Lynx, which we have previously detailed in a blog post and whitepaper. Two independent overlaps support the link. First, infrastructure: this latest attack shares a command and control server (IP address 111.68.9.93) with the Hidden Lynx group. Second, tooling: the samples referred to in the public disclosure are variants of Trojan.Naid, a threat known to be used by the Hidden Lynx group. The following infographic summarizes the key information about this prolific group.

[Infographic: HiddenLynx-Infographic.png, key facts about the Hidden Lynx group]
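The shared command and control address above is the one network indicator the post gives, and the obvious use for it is a retrospective hunt through outbound proxy or firewall logs. The following script is an added example, not Symantec's code: it assumes a generic space-separated log format (timestamp, source host, destination IP, destination port, action) and the constructed sample lines embedded in it are illustrative, not real traffic. It validates the destination as an IPv4 address so that a plain substring match cannot be fooled by a token such as 111.68.9.930, and it counts denied connections as hits, because a blocked beacon still identifies a host that tried to reach the C2.

```python
"""Hunt a set of network indicators (here the Hidden Lynx C2 address
111.68.9.93 named in the post) across proxy/firewall log lines.

Added example, not Symantec's code. The log format is an assumed,
generic one: <ISO timestamp> <source host> <destination IP> <port> <action>.
"""
import ipaddress
import re
from collections import defaultdict

# Indicator from the blog post: the C2 server shared with Hidden Lynx.
IOC_IPS = {"111.68.9.93"}

# Constructed sample log lines (not real traffic) in the assumed format.
SAMPLE_LOG = """\
2013-11-08T09:14:02Z wks-017 93.184.216.34 443 allowed
2013-11-08T09:15:41Z wks-017 111.68.9.93 443 allowed
2013-11-08T09:15:44Z wks-017 111.68.9.93 80 allowed
2013-11-08T09:16:10Z wks-042 111.68.9.930 443 allowed
2013-11-08T10:02:55Z srv-db01 111.68.9.93 443 denied
this line is garbage and should be skipped
2013-11-08T10:03:01Z wks-042 10.0.0.5 445 allowed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<action>\S+)$"
)


def parse_line(line):
    """Return a record dict for a well-formed line, or None otherwise.

    The destination must parse as a valid IPv4 address, so a malformed
    token like 111.68.9.930 (which contains the IOC as a substring) is
    rejected instead of being counted as a hit.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        dst = ipaddress.IPv4Address(m.group("dst"))
    except ipaddress.AddressValueError:
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "dst": str(dst),
        "port": int(m.group("port")),
        "action": m.group("action"),
    }


def hunt(log_text, iocs=IOC_IPS):
    """Return {source_host: {"count", "first_seen", "ports"}} for every
    host that contacted an IOC address. Denied connections count too:
    a blocked beacon still marks the source host as compromised."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "ports": set()})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["dst"] not in iocs:
            continue
        h = hits[rec["src"]]
        h["count"] += 1
        h["ports"].add(rec["port"])
        # ISO 8601 timestamps in UTC compare correctly as strings.
        if h["first_seen"] is None or rec["ts"] < h["first_seen"]:
            h["first_seen"] = rec["ts"]
    return {
        src: {"count": v["count"], "first_seen": v["first_seen"],
              "ports": sorted(v["ports"])}
        for src, v in hits.items()
    }


if __name__ == "__main__":
    for host, info in sorted(hunt(SAMPLE_LOG).items()):
        print(f"{host}: {info['count']} connection(s) to C2, "
              f"first seen {info['first_seen']}, ports {info['ports']}")
```

On the constructed sample, wks-017 and srv-db01 are reported and wks-042 is not, since its only suspicious-looking line carries an invalid address. In practice the first-seen timestamp per host is what bounds the start of the incident timeline, and the IOC set would be extended with any further indicators from the referenced Hidden Lynx whitepaper.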

Symantec will continue to investigate this attack to ensure that the best possible protection is in place. As always, we recommend that users keep their systems up-to-date with the latest software patches. We also advise customers to use the latest Symantec technologies and incorporate the latest Symantec consumer and enterprise solutions to best protect against attacks of this kind.