Nitro Hackers Hit Internet Explorer With Zero Day Exploit

This article is over 12 years old and may contain outdated information

The same team that hacked defense and chemical companies may be behind a recent zero day exploit.

A new zero day exploit has been discovered, and it affects Internet Explorer 7, 8 and 9 as well as older machines using XP, Vista and Windows 7. In other words, it can hit millions of machines across the planet, and Microsoft has released free security software as a stopgap while it works on a more significant solution. It would seem that those who originated the exploit may be linked to the Nitro group that was very active late last year.

The zero day exploit was first revealed by Eric Romang, who discovered it as it infected his PC. At the time he had been “monitoring some of the infected servers used by the alleged Nitro gang.” According to Romang, as soon as the hackers realized that their cover had been blown, they removed all the exploit files from their source server. “The guys who developed this new 0day were not happy to have been caught … But also more interesting, they also removed a Java 0day variant from other folders.” That suggests there was something else hidden away which Romang’s activities inadvertently exposed, possibly linked to a Java-related zero day that was uncovered in late August 2012.

The Nitro group, when it surfaced last year, was interested in military, government and chemical industry targets. According to Symantec, “[the] attack campaign focused on the chemical sector with the goal of obtaining sensitive documents such as proprietary designs, formulas, and manufacturing processes.” Some of the attacks were traced back to a Chinese server, and it was thought at the time that the user – operating under the name Covert Grove – may have been significantly involved in the hack.

A zero day attack is called that because the attack exploits a previously unknown vulnerability in the system, so that the attack occurs on “day zero” of awareness of the problem. Though Symantec and other antivirus companies have released defensive updates for this IE exploit, they may not be sufficient. Liam O Murchu, research manager for Symantec, pointed out that “the danger with these types of attacks is that they will mutate and the attackers will find a way to evade the defences we have in place.”

Source: Guardian
