Targeted Zero-day Attack on CFR Site

It looks as if some people used the day after Christmas for mischief rather than relaxation. According to a FreeBeacon report, the website for the US foreign policy group, Council on Foreign Relations (CFR), was compromised on December 26th, 2012.

Judging from the exploit HTML file apparently used in the attack, users in specific countries were being targeted, as the attacker focused their attention specifically on browsers set to use the following Windows system languages:

  •  Chinese (Taiwan)
  •  Chinese (PRC)
  •  English

The compromised site itself was reportedly cleaned shortly after the attack was detected. However, we expect the exploit to become more widely used in other online attacks now that it has been added to the Metasploit framework.

The exploit affects versions 8 and lower of the Internet Explorer browser, so users with the affected program are advised to either update their software to versions 9 or 10, or switch to other browsers.

In the meantime, Microsoft has released a security advisory providing additional details and a workaround for affected users.


Updated on 2 Jan 2013: minor edit to emphasize the specific languages targeted.

Post — Wayne

On 02/01/13 At 01:03 AM

Read more: Targeted Zero-day Attack on CFR Site

Story added 2. January 2013, content source with full text you can find at link above.