Researchers said that a flaw in new versions of Microsoft Corp's Internet Explorer was exploited by hackers to attack a US military veterans' website, Reuters reported. The same flaw seemed to have also been used to attack employees of the French aerospace industry.
The flaw discovered in the IE 10 Web browser of Microsoft was reported this week just days after it had already been used inside the Veterans of Foreign Wars website. According to the VFW, a federal law enforcement agency was already looking into the attack and that the malicious code on the site had already been taken out. The nonprofit group did not specify which federal law enforcement agency is doing the probe, the report said.
Websense Inc said it also discovered a similar attack code on a page that was created on January 20 bearing a Web address that is almost similar to one that a French aerospace association uses. Websense Director of Security Research Alexander Watson told Reuters that this was an indication that the attacks that took advantage of the flaw had been happening for at least three weeks. He added that earlier attacks against higher value targets might have been successfully carried out and evaded detection, the report said.
FireEye Inc discovered the attack against VFW. The security firm said the most recent attack seemed linked to those lodged before against the Japanese financial sector, security company Bit9 and others. A big and well-organized group in China were said to be behind these attacks, according to security researchers of Symantec Corp, the report said.
The most recent attacks are said to be sophisticated since they depend on a flaw that is previously not known. This kind of flaw, called by the industry as "zero-day vulnerabilities" carries a price tag of at least $50,000 when offered by shadowy brokers to government agencies or contractors, the report said.
Join the Conversation