Operation Aurora: Further activity - copycat sites

Filed Under: Malware, SophosLabs, Vulnerability

As previously predicted, copycat attacks attempting to exploit the IE zero-day vulnerability (CVE-2010-0249) were inevitable.

Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting to exploit the vulnerability. Sophos products are blocking the content as Troj/ExpJS-N.

For the sites that are still active, the payloads are another Mal/PcClient variant being blocked as Mal/Generic-A, and a downloader Trojan being proactively detected as Mal/BredoPk-B.

SophosLabs will continue monitoring the situation but, as yesterday, stay alert for the patch, which Microsoft have announced they will release ahead of the regular monthly cycle.

