A previously unknown flaw in Microsoft's Internet Explorer web browser has been implicated in a spate of new cyber attacks, according to web security company FireEye.
FireEye believes that hundreds of thousands of PCs may have been infected after the website of the US Veterans of Foreign Wars (www.vfw.org) was compromised. When users visited the compromised site, it opened a web page in the background that silently redirected them to a site bearing malware.
FireEye researcher Darien Kindlund told Reuters that the attackers bore all the hallmarks of groups operating from mainland China - implying a Chinese government connection - and added that a possible goal of the attackers was to plant backdoors onto the PCs of the website's members, who are veteran military personnel.
FireEye advises: "The exploit targets IE10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft's Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE11 prevents this exploit from functioning."
Other reports suggest it was a group with a track record for targeting high-profile organisations, including US government entities, defence contractors, high-profile law firms, Japanese companies and non-governmental organisations. They typically seek to implant remote access Trojans onto their victims' PCs.
A spokesman for Microsoft told Reuters that the company was aware of the attacks and IE10's possible role. IE11 is unaffected by the flaw.