IE VML (vgx.dll) Massively Exploited ItW

aside from multiple sites exploiting it, isp’s now report their tech-support lines are flooded with calls about ie “crashing”. this has also been reported by cox on the botnets mailing list on whitestar.

this is fast becoming more serious.

gadi evron,
ge@beyondsecurity.com.

  • http://www.whiteacid.org Sid

    Why would you call your ISP when IE crashes?

  • sunshine

    It’s tech-support. They call when copy-paste doesn’t work.

  • http://www.whiteacid.org Sid

    I wonder what the tech support say. Get another browser?

  • http://prozacville.com Prozacgod

    Great, I work at an ISP in a rural community, I just can’t wait to go to work tomorrow … Coincidentally I’m disassembling and studying the code that was published for this attack. Why do zero-day exploits come with byte code.. can’t people be nice and just give me the asm code too ;) oh well…

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    Sid: Probably what they say is “Well, time to reformat”. The attacks in question are loading a whole laundry list of malware onto the attacked boxen, some of it with well-developed rootkit characteristics, no doubt.

  • http://www.whiteacid.org Sid

    Oh man, I’m so happy I dropped IE years ago and that I have safe browsing habits.

  • l0n9ker

    I don’t use IE

    I just want to know…..

    Hum…It’s a secret

  • http://digi.whiteacid.org/ digi7al64

    damn,

    I bet anybody smart enough to have the “WebAttacker” kit (only $20 with full technical support) must be loving life these days.

  • http://prozacville.com Prozacgod

    Referring to Sid’s post – We encourage people to switch to Firefox, and as one of the few places where you can get your PC’s OS reinstalled, we prepackage it with Firefox & Thunderbird, all preconfigured with their settings, haven’t had a complaint yet. – Of course switching browsers is not the end-all solution.. but for now it helps. What’s scary is the number of Win98 boxes that come through the door.. ugh – Our normal statement is ‘we can’t support that machine since Microsoft no longer does, we can’t fix it – or it would be too costly to fix it – might as well get a new box.’

  • http://www.BeyondSecurity.com Aviram

    Prozacgod – did I understand you correctly? Does the company you work for, an ISP, supply OS reinstalls?

    A lot of people in our industry were waiting and hoping for that to happen, but I had no idea it was already happening. Can you supply more info?

  • http://spamhuntress.com/ Spamhuntress

    ISPs in rural areas, with enough techs, will often help with machines – for a price. Mind you, they sell computers too. If they come in with a sorry excuse for a Win98 box, a new box is waiting in the wings for them. A snappy Win98 box with no spyware might last a bit longer, as long as the customer doesn’t need anything done to it. Like installing wifi on an old box…

    In Norway, we have PC techs in booths at the big electronics store chains. We have the friendly neighborhood computer stores where customers can drop off their boxes for a once-over or reinstall. We have some regional ISPs with support and paid computer service. And we have companies that come to your house to fix your computer.