IE 8 zero-day attack spreads to military sites

Microsoft urges IE 8 users to upgrade as Metasploit module appears

A so-called "watering hole" hacking attack on the US Department of Labor website last week has spread to nine more global websites over the weekend, including those used by European aerospace and nuclear researchers.

Originally discovered on 1 May, the Department of Labor's Site Exposure Matrices site began, via JavaScript inserted into an iFrame format video, redirecting users to an infected site hosting the Poison Ivy remote access Trojan.

The attack, which is so-named as it targets users of very specific interest groups, was initially thought to affect a vulnerability known as CVE-2012-4792 in Internet Explorer versions 6 through 8 - which Microsoft patched earlier in 2013.

However, it has now become apparent that the exploit is via a zero-day vulnerability in Internet Explorer 8 only. While this is potentially good news for many Internet Explorer users, a recent survey by statistics site WebMarketShare shows Internet Explorer 8 has the largest single share of the browser market, with 23.08 per cent of internet users still using it.

A module for popular "vulnerability testing" software Metasploit was also made available yesterday, so users should be doubly vigilant.

Microsoft has simply suggested IE 8 users upgrade to a newer version for now, but has also said it will tackle the exploit in a Patch Tuesday release in the near future.