Results for internet explorer

Threat Research

New jRAT/Adwind Variant Being Spread With Package Delivery Scam

At the beginning of February 2018, FortiGuard Labs collected a malicious email with the subject “UPS DELIVERY UPDATE”, as shown in Figure 1. Phishers and scammers traditionally misuse the names of well-known organizations and individuals in order to make their malicious messages seem legitimate, allowing them to more easily trick unsuspecting victims. This email message contains a fake order tracking number with a bogus hyperlink that, rather than connecting the user to a legitimate website, downloads a jar malware. After a quick analysis, I was able to determine that this malware is jRAT/Adwind.

By Xiaopeng ZhangFebruary 16, 2018

By Michael PernaJuly 25, 2014

Threat Research

A Technical Analysis of CVE-2014-1776

Hong Kei Chan, Junior AntiVirus Analyst On April 26, 2014, Microsoft published an advisory for a critical vulnerability in Internet Explorer (CVE-2014-1776) that would allow attackers to perform remote code execution. This zero-day vulnerability affects Internet Explorer 6 through 11, but is targeted mostly toward IE 9 through 11. The attack exploits the use-after-free vulnerability in IE by utilizing Adobe Flash Player to bypass the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). This blog post will step through...

By Hong Kei ChanMay 27, 2014

By Michael PernaMay 03, 2014

Industry Trends

First End of Support Windows XP Internet Explorer Vulnerability Discovered

What's going on? Over the past weekend information became available about a previously-unknown vulnerability in all modern versions of Microsoft's Internet Explorer browser that allow an attacker to remotely execute code without the victim's permission. This can lead to compromise of your system and various malware to be installed. The exploit leverages a technique often used by attackers via Adobe Flash to bypass certain features of IE that are designed to prevent remote code execution (RCE). Why is this a big deal? This vulnerability (which...

By Richard HendersonApril 28, 2014

Threat Research

Medfos: An All-purpose Redirector

[ This article originally appeared in Virus Bulletin ]( <br/>Medfos is a heavily obfuscated trojan family which downloads modules capable of redirecting search engine results in the most popular browsers, including Chrome, Firefox and Internet Explorer. Its main module, the downloader, was found to be distributed via the Sasfis botnet. This article dissects the way the Medfos downloader deploys its downloaded modules, and the function of each. <p style="text-indent:...

By Benjamin ChangMarch 11, 2014

Industry Trends

Using Internet Explorer? Urgent Patch to Combat Zero-Day In The Wild Available

Microsoft announced today that an attacker or attackers are exploiting a previously known exploit in virtually all versions of Internet Explorer. Microsoft has released an out of bound Fix-It patch for users to implement as soon as possible while they work on a permanent fix. The exploit is CVE-2013-3893 and allows an attacker to execute code remotely - this means that simply by visiting a hacked or malicious website, you will likely have malware installed on your system. To install the Fix-It patch, visit this page. Simply click on the "Enable...

By Richard HendersonSeptember 17, 2013

Industry Trends

New NSS Labs Report: IE's Browser Security Bests Others

Microsoft's Internet Explorer 10 is the most secure web browser according to the results of a mid-May 2013 NSS Labs' analysis. Apple Safari 5, Google Chrome 25/26, Internet Explorer 10, Mozilla Foxfire 19 and Opera 12 were all evaluated against malware downloads and socially engineered malware. Results show that Chrome's malware download protection improved significantly, up to more than 83 percent from a 70 percent performance in NSS' October 2012 analysis, Browser Comparative Analysis Report - Socially Engineered Malware. IE earned a block rate...

By Stefanie HoffmanJuly 30, 2012

Industry Trends

Microsoft, Adobe Issue Critical Updates

Tuesday was quite a day for IT administrators—for the month of April, both Microsoft and Adobe released patch loads repairing a slew of critical flaws that could easily pave the way for users to become victims of malicious attacks. For its April Patch Tuesday security bulletin, Microsoft released six updates repairing a total of 11 vulnerabilities. Of the patches released, four were given the highest severity rating of “critical,” indicating that the vulnerabilities could enable remote hackers to launch attacks, usually without requiring...

By Stefanie HoffmanApril 10, 2012

Threat Research

Web Browser Warfare: European Facts

Remember some 10 years ago, when the web browser market was stagnating? Thankfully, those days seem to be long gone now, thanks to a rather intensive competition fostering innovation. A real bliss for the end users, now facing a relatively wide offer of (all free) browsers - the five most popular being: Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Google Chrome and Opera. Yet, the market shares of those are tremendously different: The September 2009 trends from AT Internet Institute (taken from 23 European countries - see above),...

By David MaciejakDecember 09, 2009