Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Spike Of "iepeers.dll" Exploits

image
JULIEN SOBRIER
May 18, 2010 - 1 min read
Security Insights

Contents

  1. Article
  2. More blogs

We have seen a spike in exploits using  the CVE-2010-0806 "iepeers.dll" vulnerability since this past weekend. The vulnerability affects Internet Explorer 6 and 7.

We have seen this exploit in the wild since that day, usually a few times a week. However, this past weekend, we witnessed a spike of several hundreds exploits a day. They all come from the same type of URL (hxxp://1269754898890.9934.eu.tv/mm/index.html) with different numbers for the sub-domains. The content of the malicious pages is exactly the same.

The code is well obfuscated - it is split between several files, uses eval, DOM references, and exceptions (try ... catch). From the information I could gather, the exploit page has been written by Chinese hackers to target Chinese users. Part of the intermediate code generated is written with Chinese characters. Samples of the exploits have been reported in a couple of Chinese forums. It seems that users get redirected to the exploits from other websites, mainly though hacked sites.

Here is what the original source code looks like:
 

 
 
Image
Source code of the "iepeers.dll" exploits used in recent attacks


The page does not require any user interaction. The exploit runs as soon as the user gets redirected to this page.

-- Julien

form submtited
Thank you for reading

Was this post useful?

vote yes
Yes, very!
vote no
Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.

Explore more Zscaler blogs

A cyber criminal shopping for malware

Agniane Stealer: Dark Web’s Crypto Threat

Read post
Business people walking through a city

The Impact of the SEC’s New Cybersecurity Policies

Read post
Digital cloud illuminated in blue

Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)

Read post
TOITOIN Trojan

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Read post

01 / 02

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.