An unpatched security vulnerability in Windows’ popular Internet Explorer browser has been exploited by hackers in a widespread attack aimed at stealing users’ online banking credentials.
Attacks stemming from the security hole ramped up dramatically this week, according to a Tuesday blog post by security researchers at Symantec, which said the attacks shifted from smaller, targeted groups to a more widespread and far-reaching base of users.
“We’ve observed trends suggesting that attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) — the zero-day attacks are expanding to attack average Internet users as well,” Symantec said. “If the attack is successful, the exploit drops a banking Trojan that steals login details from certain banks.”
The attack exploiting the security flaw was originally discovered on the Veterans of Foreign Wars website by researchers at FireEye on Feb. 13, according to a Computerworld report, and affects Internet Explorer versions 9 and 10. It has since been found on the websites of a mountain hiking community, dating service, language educator, financial market information provider, Japanese tour provider, online shopping outlet, and the French aerospace association GIFAS.
Affected websites were found either to be hosting the exploit or to have had an outside mechanism installed that loads the exploit into users’ systems from another infected site.
Hackers behind the attacks originally designed them for specific “watering holes,” groups of users that frequent certain sites, but have since moved on to compromise a large number of websites and target an across-the-board group of users in North America, Europe, Asia and the Middle East.
Microsoft has yet to release a downloadable update or patch to fix the flaw, which has been identified as “CVE-2014-0322,” but the company has released a security advisory along with a temporary “Fix It” tool. Internet Explorer users are encouraged to update to version 11, which was released a few months ago and is not affected by the exploit.