Trojan.Vimalov - New Internet Explorer Zero-Day Attack

Threat Advisory Center
New Internet Explorer Zero-Day Attack

Security Advisories

Trojan.Vimalov is a Trojan horse that leverages the VML vulnerability in Microsoft Internet Explorer to download spyware onto a victim's machine.

For more information, visit the Symantec Security Response blog.

	Buy Download
	Package Pre-order
	Buy Download PLUS BackUp CD (add $9.95)

$69.99

What It Is

New Internet Explorer Zero-Day Attack
Symantec Security Response is advising users to take extra precautions if they use any version of Microsoft Internet Explorer as a result of a new zero-day attack against the application.

As of September 18, 2006, new zero-day attacks have been observed. The attack leverages a previously unknown vulnerability in Microsoft Internet Explorer. This vulnerability is due to the way Internet Explorer handles Vector Markup Language (VML).

Currently, the vulnerabilities are being hosted primarily on adult and pornographic websites and are used to attack users visiting those sites to install spyware onto the victim’s machine. It is important to note that although the attacks appear primarily on adult sites at the moment, it is possible that they may spread to other more mainstream websites on the internet. The spyware may include a variety of security risks such as keyloggers that will monitor the keystrokes in an attempt to steal financial and confidential information.

There are no patches available from Microsoft for the vulnerability at this point.

Symantec Security Response has analyzed the threat and has provided protection for it via LiveUpdate and Intelligent Update. The current Trojan that leverages the zero-day vulnerability to attack is detected as Trojan.Vimalov. Symantec Security Response is also releasing intrusion protection signatures (IPS) to proactively protect customers against attempts to exploit the Internet Explorer vulnerability itself.

Protect Yourself
To reduce the possibility of being affected by the recently announced vulnerabilities, Symantec Security Response advises users to do the following:

1. Avoid visiting suspicious sites, especially those that are pornographic in nature.
2. As a workaround, disable Javascript handling in Internet Explorer by going to Tools menu of the browser, clicking on Options, and navigating to the Security tab.
3. Regularly run Windows Update and install the latest security updates to keep software up to date.
4. Use an Internet security solution such as Norton Internet Security to protect against today's known and tomorrow's unknown threats

If you own Symantec Products:
If you own Norton Internet Security or Norton AntiVirus, Live Update will automatically install the latest virus definitions and intrusion prevention security updates.

Update Virus Definitions

We will closely monitor further information related to this vulnerability, and will provide updates and security content as necessary. For more information, please click on the links below.