Zero-day exploit code for Microsoft Internet Explorer has been detected on a certain Italian web site. A zero-day (or zero-hour or day-zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. Microsoft is analyzing the vulnerability. The malicious files were reported on an Italian web site for winter supplies. All of the exploit code has now been removed.
2. Malicious file information
The IE 0-day malicious files were found on the following web site.
The files were submitted on September 14, 2012, and removed on September 16, 2012. Only exp.txt remains.
The reported VirusTotal results are as follows.
"exploit.html" executes Moh2010.swf, which contains the DoSWF (http://www.doswf.com/) program and can load "Protect.html" through an iframe script.
"Protect.html" targets IE 7 and 8. It tries to install "111.exe", which is XOR-encoded.
When "111.exe" is executed, it installs "mspmsnsv.dll" in the system folder and tries to connect to a certain host.
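Because "111.exe" is delivered XOR-encoded, a plain "MZ" signature match on the downloaded data will miss it. The following triage sketch is an added example, not code from the original analysis: it assumes a single-byte XOR key (the encoding scheme and key are not stated here), and the function names and the sample input are constructed for illustration.

```python
import struct

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (bytes.translate does the work in C)."""
    return data.translate(bytes(b ^ key for b in range(256)))

def looks_like_pe(buf: bytes, off: int) -> bool:
    """True if buf[off:] starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, off + 0x3C)
    pe = off + e_lfanew
    # Heuristic bound on e_lfanew to cut down false positives (assumption).
    return 0x40 <= e_lfanew < 0x1000 and buf[pe:pe + 4] == b"PE\x00\x00"

def find_xor_pe(data: bytes):
    """Return [(key, offset)] for every single-byte XOR key that reveals a PE header."""
    hits = []
    for key in range(1, 256):  # key 0 would be a plain, unencoded PE
        decoded = xor_bytes(data, key)
        off = decoded.find(b"MZ")
        while off != -1:
            if looks_like_pe(decoded, off):
                hits.append((key, off))
            off = decoded.find(b"MZ", off + 1)
    return hits

def build_sample(key: int = 0x5A,
                 prefix: bytes = b"\x11\x22\x33\x44\x55\x66\x77\x88") -> bytes:
    """Constructed test input: a minimal fake PE header, XOR-encoded, after a junk prefix."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    pe = dos + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18   # signature + stub COFF header
    return prefix + xor_bytes(pe, key)

if __name__ == "__main__":
    for key, off in find_xor_pe(build_sample()):
        print(f"PE header at offset {off} after XOR with key 0x{key:02x}")
```

A hit only says that a PE header appears under that key; multi-byte or rolling XOR keys need a different search.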
The INCA Internet response team is strengthening its security monitoring for the IE 0-day vulnerability and abnormal symptoms. New variants of the malicious files can be detected by our nProtect Anti-Virus family. Users need to keep their software up to date to stay safe from these malicious files. Furthermore, when spread through a web site, these files exploit a security vulnerability, so the latest updates for the OS and frequently used applications are needed. To use your PC safely against the security threats posed by these malicious files, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.
INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 diagnoses and treats various variant files.
Free installation link for nProtect AVS: http://avs.nprotect.com/