Hackers Use BBC News as IE Attack Lure

Filed under: — By Aviran Mordo @ 7:55 pm

The ongoing zero-day attacks against users of Microsoft’s Internet Explorer browser have taken an ominous, social-engineering twist.

According to an alert issued by Websense Security Labs, in San Diego, excerpts from actual BBC News stories are being used to lure IE users to Web sites that launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.

One version of the spammed e-mail seen by eWEEK contains a portion of a BBC News item published on March 27 about the Chinese yuan hitting a post-revaluation high against the U.S. dollar.

After the legitimate excerpt, the hackers embedded a “read more” link that points to a Web site that contains a spoofed copy of the BBC News story from the e-mail.

Websense researchers found that the rigged site exploits the unpatched createTextRange vulnerability to download and install a keystroke logger without any user action.

Source: eWeek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress