New Internet Explorer Zero-Day Attack
Symantec Security Response is advising users to take extra precautions if they use any version of Microsoft Internet Explorer as a result of a new zero-day attack against the application.

As of September 18, 2006, new zero-day attacks have been observed. The attack leverages a previously unknown vulnerability in Microsoft Internet Explorer. This vulnerability is due to the way Internet Explorer handles Vector Markup Language (VML).

Currently, the vulnerabilities are being hosted primarily on adult and pornographic websites and are used to attack users visiting those sites to install spyware onto the victim’s machine. It is important to note that although the attacks appear primarily on adult sites at the moment, it is possible that they may spread to other more mainstream websites on the internet. The spyware may include a variety of security risks such as keyloggers that will monitor the keystrokes in an attempt to steal financial and confidential information.

Update: On September 26, 2006 Microsoft released an out-of-band patch to address the VML vulnerability. Users are advised to update their system with this latest patch as soon as possible.

Symantec Security Response has analyzed the threat and has provided protection for it via LiveUpdate and Intelligent Update. The current Trojan that leverages the zero-day vulnerability to attack is detected as Trojan.Vimalov. Symantec Security Response is also releasing intrusion protection signatures (IPS) to proactively protect customers against attempts to exploit the Internet Explorer vulnerability itself.

Protect Yourself To reduce the possibility of being affected by the recently announced vulnerabilities, Symantec Security Response advises users to do the following: Avoid visiting suspicious sites, especially those that are pornographic in nature. As a workaround, disable Javascript handling in Internet Explorer by going to Tools menu of the browser, clicking on Options, and navigating to the Security tab. Regularly run Windows Update and install the latest security updates to keep software up to date. Use an Internet security solution such as Norton Internet Security to protect against today's known and tomorrow's unknown threats

Norton Internet Security 2007 Stay protected from the latest online threats. Learn More Buy this Product

If you own Symantec Products:
If you own Norton Internet Security or Norton AntiVirus, Live Update will automatically install the latest virus definitions and intrusion prevention security updates.

Update Virus Definitions

We will closely monitor further information related to this vulnerability, and will provide updates and security content as necessary. For more information, please click on the links below.

Symantec Security Check		Featured Articles New IE zero day being exploited in the wild (InfoWorld, 6/19/2006) Porn sites exploit new IE flaw (CNET, 9/19/2006) Zero-Day IE Attacks Being Used By Porn Sites (PC Magazine, 9/19/2006)
Symantec Solutions