While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed on industrial companies’ websites.
The hacked legitimate websites contain on their main pages a hidden iframe.
It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could be also exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is yet no patch from Microsoft, what can you do?
avast! Virus Lab… I once went to their floor accidentally, thinking it was my floor – it was dark and scary, and so I quickly turned and ran out. These folks are like mad scientists, practicing alchemy in white laboratory coats that are stained with hard-drive smoke and smell of burnt ones & zeros. They’re mostly nocturnal – like cyborgian vampires – and yet they’re always awake, online and available for ‘chat’ or email, even in daylight.
Or at least that’s partly the stereotype I had when I started at AVAST. After meeting and talking with a few “virus guys” at a company party, I realized they’re like every other department here… but just a little more reclusive… and thus maybe a ‘typical’ IT crowd. See here for yourself, as this interview is with a guy whose blog posts get a lot of traffic (even though someone of my IT ‘capabilities’ rarely understands anything he writes about). –Jason Mashak
1. You started at AVAST about 6 years ago, while still attending university – what was it like already working for a top antivirus provider while still a student?
I was a young chemistry student (which seems removed from IT, but even AVAST co-founder Pavel Baudis studied the same subject, at the same university :)) with no previous job experience or references. Most of the aspects of IT (including reverse engineering, programming in various languages, cryptography, etc.) were my hobby, and thus it was no problem to work for ALWIL [former name of AVAST Software, until 2010]. I had no clue what the business was about – it took me roughly a year to fully understand how a two-person project could become a successful company Read more…
The main role of antivirus being of course to catch viruses, borrowing computer terminology from the human environment is fitting… virus spreads from machine to machine, infecting them just like a flu. And just like in the case of influenza or other virus-type diseases, knowing the virus is the first step to a cure.
In the case of computers, it gets slightly complicated, because while nature presents a new influenza subtype about once a year and only now and then does it really get out of hand, virus creators are getting much faster at “turnaround” in their development of new viruses. Read more…