Security Response

In late September 2011, it was reported that a previously unknown and un-patched vulnerability in Hancom Office (a word processing software predominantly used in Korea) was exploited in the wild. We often hear of new exploits targeting software used worldwide and while these incidents tend to grab all the attention, we also encounter instances of regional software, which often have a limited user base becoming an exploit target. One example of a similar regional software that was also exploited in malware attacks is Ichitaro - a word processing software mostly used in government organizations and their associates in Japan. 

Symantec Security Response has confirmed that the Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Vulnerability is being exploited in the wild. The vulnerability affects Internet Explorer versions 6, 7, and 8; however, the exploit we have acquired seems to only affect version 8. Microsoft has already released patches as part of the MS Tuesday release on June 14, so Symantec advises all users to install the patch. So far, we have only seen limited attacks taking advantage of this vulnerability and believe that the exploit is only being carried out in targeted attacks at present.

We have been able to confirm the existence of one such attack that involves a compromised website hosting content for a neighborhood restaurant. It appears that a duplicate of the top page of the website was either hacked to...

Symantec’s telemetry has shown over 12 million Intrusion Prevention Signature (IPS) hits on sub domains of the ‘CO.CC’ domain in the last six months. Anyone somewhat familiar with the top-level domain-naming hierarchy might be lead to believe that CO.CC is actually an official second-level domain similar to CO.UK; this, however, is not the case. .CC is the Internet country code top-level domain (ccTLD) for Cocos (Keeling) Islands...