According to security software researchers, hackers have booby-trapped popular websites in Japan to exploit what is called a “zero-day” flaw in Microsoft’s venerable browser Internet Explorer (IE), prompting the software company to warn users of the vulnerability last week. In a blog post on Saturday, online security firm FireEye revealed their findings on the incident, saying that most of the affected users were indeed from Japan.
Darien Kindlund, a security researcher for FireEye, said that at least three major Japanese media websites were compromised in what the internet industry terms “watering hole attacks,” where hackers infect sites that are frequently visited by their targets. The “zero-day” is a vulnerability in IE 8 and 9 that ultimately allows the stealthy installation of software on users’ computers, which can then be remotely accessed by the hackers. “The [organizations] that were affected span from Japanese government, to manufacturing and high-tech companies,” Kindlund said, adding that the attackers may have “been interested only in one [company], but the others were collateral damage.”
“From one of the media sites, there were at least 75,000 visits made to the website before that exploit was discovered and was taken down. The earliest report we have of [that] media site serving up the exploit was Sept. 5,” Kindlund revealed. FireEye did not disclose which sites were infected, but added that Japanese computer security authorities were now working with the media outlets to make sure that the issue has been resolved.
The attackers appeared to be conducting a “large-scale intelligence gathering operation,” aiming to plant remote access tools on victims’ machines to steal intellectual property and other corporate data. On Monday, a Microsoft spokesperson declined to comment on inquiries about the flaw and the possible infections. The software company instead advised users to apply the temporary fix for the zero-day flaw. “There are only reports of a limited number of targeted attacks and customers who have installed the Fix It are not at risk from this issue,” the Microsoft spokesperson said. “We encourage customers who have not applied the Fix it provided by Security Advisory 2887505 to do so, to help ensure they are protected.”