Cybercriminals use the Eleonore Exploit Kit to hack into IE
November 8, 2010
An unpatched security vulnerability in Internet Explorer has been added to a popular cybercrime toolkit, making IE now even more susceptible to an attack than before, and the news are traveling rather fast throughout the blogosphere.
Microsoft isn't due until tomorrow for its next "Patch Tuesday" security update and some observers in the security field say that Microsoft won't have sufficient time between today and tomorrow afternoon to issue the proper security patch for the vulnerability.
This simply means that cybercriminals who use the Eleonore Exploit Tool Kit can take full advantage of the unpatched security hole to more easily plant banking Trojans, viruses and other malware on the computers of unsuspecting Internet Explorer users.
And a patch for the wide open Internet Explorer hole isn't on the menu for tomorrow either. Microsoft previously acknowledged that the unpatched flaw in Internet Explorer had appeared in targeted attacks, but failed to do anything about it.
The Eleonore Exploit Took Kit retails for just a few hundred dollars through cybercrime forums, which means it's available to 'script kiddies' of modest means who can then use it cause trouble, probably through attacks that rely on tricking victims into visiting booby-trapped websites.
The use of the security hole in a general use exploit toolkit raises the bar and ought to prompt Microsoft in considering whether an out-of-band patch might be needed, notes AVG's Roger Thompson.
He adds that computer users everywhere can protect themselves from such potential attacks in the absence of a patch by using the security firm's LinkScanner tool.
The unpatched vulnerability in Internet Explorer affects versions 6, 7 and 8 and revolves around many security holes in Cascading Style Sheets (CSS) in the way they handle tokens.
Malicious code exploiting the security vulnerability can be used to drop Trojans and viruses onto the machines of visiting surfers who visit exploit sites, providing they are running IE 6, 7 or 8 and unless they are using a tool capable of blocking the attack.
Source: AVG Anti Virus.
You can link to the Internet Security web site as much as you like.