While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed on industrial companies’ websites.
The hacked legitimate websites contain on their main pages a hidden iframe.
It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could be also exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is yet no patch from Microsoft, what can you do?
Not only users visiting high-risk sites need avast! protection, but also, for example, visitors of the well-known site samsungimaging.net (the Samsung SMART CAMERA blog) were able to notice that their avast! protected them from a threat.
Yesterday, on this site AVAST began to detect malicious Java content.