Unholy Hong Kong hackers hit evangelicals with IE 0day

Fast moving blackhats backdoor church-goers.


Hackers are already using an Internet Explorer vulnerability disclosed this week to hack members of an evangelical church.

The attackers compromised the website of the Evangelical Lutheran Church of Hong Kong, injecting a malicious iFrame that redirects the faithful to a malicious website sporting the Internet Explorer vulnerability (CVE-2015-2502).

More JavaScript redirections lead to the PlugX malware landing on machines. Once running, the malware opens a back door and begins harvesting data.

"The malware has been used in a range of attacks, mainly in Asia over the past three years," researchers say.

"The vulnerability permits remote code execution if a user views a specially crafted webpage using Internet Explorer.

"Successful exploit of the vulnerability will grant the attacker the same user rights as the current user."

The unholy blackhats can gain unfettered access to the church-goers' computers, including the ability to install programs and siphon or destroy data.

The weaponisation is impressive but not altogether unexpected; powerful browser vulnerabilities are a favourite of blackhats, who are quick to exploit them before users have time to patch.

The exploited bug is valuable because it affects all supported versions of Internet Explorer and is sufficiently dangerous that Microsoft made a rare and expensive out-of-band fix.

Users can apply the fix or move to the unaffected Microsoft Edge browser if they operate Windows 10. They should also install Microsoft's Enhanced Mitigation Experience Toolkit to increase their overall defences. ®

