Chinese team mistakenly released unpatched IE7 exploit

December 11, 2008, 09:24 AM —  IDG News Service — 

Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Microsoft's Internet Explorer 7 browser, potentially putting millions of computer users at risk -- but it appears some hackers already knew how to exploit the flaw.

At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team.

The problem in Internet Explorer 7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP regardless of the service pack version, Windows Server 2003 running Service Pack 1 or 2, Windows Vista and Windows Vista with Service Pack 1 as well as Windows Server 2008.

Microsoft has acknowledged the issue but not indicated when it will release a patch.

The vulnerability was first revealed earlier this week by the Chinese security team "knownsec." Knownsec said on Tuesday they mistakenly released exploit code thinking that the problem was already patched, iDefense said.

"This is our mistake," knownsec said in a Chinese-language research note.

That mistake could mean that more hackers will try to build Web sites in order to compromise users PCs since the exploit code is more freely floating around on the Internet. However, other information indicates that hackers already knew how it worked before the release. According to knownsec, a rumor surfaced earlier in the year about a bug in Internet Explorer, iDefense wrote.

Information on the vulnerability was allegedly sold in November on the underground back market for US$15,000. Earlier this month, the exploit was sold second or third hand for $650, said iDefense, citing knownsec.

Eventually, someone developed a Trojan horse program -- one that appears harmless but is actually malicious -- that is designed to steal information related to Chinese-language PC games, a popular target for hackers.

Now, other Web sites are being built that incorporate the exploit. Hackers then usually try to get people to visit those sites through spam or unsolicited instant messages. The Shadowserver Foundation has published a list of domains that are hosting the exploit and subsequent Trojan, although users are highly advised not to visit the Web sites. Most are ".cn" domains, the top-level domain for China.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Close

On Twitter now

IE

Powered by Twitter
You are logged in | Sign out
Sign in and post to Twitter

What are you thinking?

Cancel Tweet sent

On Twitter now

Comments

IE7

For the same reasons listed above, my computer crashed while using ie7 - a virus began downloading that bypassed Avira and Spybot. The next day Microsoft released a fix but by which time I lost everything. My hard drive is gone and when I contacted Microsoft, all they said is that there is a patch out. What good was the patch after the damage was done? I agree, stop using IE since there are many browsers out there and also faster and better search engines.
| reply

Recommend it to anyone.

Search-and-destroy Antispyware is the best scan that I have used to keep my PC clean and working like new. It’s a great scanner that finds all the same bugs that other scans such as Norton can find. What’s even better is that it cost less than many of the other options. I found the antispyware solution from Search-and-destroy at http://www.Search-and-destroy.com and decided to give it a try. That was one of the best decisions I ever made. I’m very happy with this scanner and would recommend it to anyone that wants to protect and care for their PC so it will last as long as possible.
| reply
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Featured Sponsor

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Marketplace