Researchers at the security company Symantec claim that an “unpatched security vulnerability” in Microsoft’s Internet Explorer browser – versions 9 and 10 – has been “exploited by hackers in a widespread attack aimed at stealing users’ online banking credentials”, according to an article published by The Daily Caller website. The article indicates that the vulnerability – which attracted numerous, dramatic attacks – was noted in a blog post published by Symantec on Tuesday, which said that “attacks by hackers shifted from smaller, targeted groups to a more widespread and far-reaching base of users.”
The report quoted Symantec’s post as saying, “We’ve observed trends suggesting that attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) — the zero-day attacks are expanding to attack average Internet users as well. If the attack is successful, the exploit drops a banking Trojan that steals login details from certain banks.” According to the report, an attack on the Veterans of Foreign Wars website – discovered by FireEye researchers on Feb. 13 – was the first time the “security flaw” was exploited.
Since the original attack, the exploit for this flaw has been discovered on numerous websites, including “a mountain hiking community, dating service, language educator, financial market information provider, Japanese tour provider, online shopping outlet, and the French aerospace association GIFAS”, according to the article. The article indicates that all websites affected “were found to either be hosting the exploit or had an outside mechanism installed to load the hack into users’ systems from another infected site.”