New IE Zero-Day Exploit Leads to PoisonIvy

We’re currently investigating a new zero-day exploit that affects Internet Explorer versions 7, 8, and 9. The exploit, which Trend Micro detects as HTML_EXPDROP.II, is hosted on {BLOCKED}.{BLOCKED}.104.149. Incidentally, this server also hosted the Java zero-day exploit reported last August 30.

Based on our initial analysis, when executed, HTML_EXPDROP.II drops a malicious .SWF file (SWF_DROPPR.II). The .SWF file then drops a backdoor detected as BKDR_POISON.BMN. More information on the analysis will be posted in this entry.

Trend Micro Smart Protection Network™ blocks access to the malicious servers and detects the exploit and other malicious files. Watch this space for updates and additional analysis information.


Post from: TrendLabs | Malware Blog – by Trend Micro

Story added 17 September 2012.