Researcher Finds Three New Exploits Targeting Latest IE Zero-Day

A researcher at AlienVault has discovered three new servers delivering exploits targeting the latest zero-day vulnerability in Internet Explorer. Jaime Blasco, AlienVault Labs manager, said one of the servers is delivering a new malware payload, and all of them appear to be targeting defense contractors in the United States and India.

Grum Botnet Attempts Another Comeback, Fails Again

The Grum botnet, which Dutch authorities and security researchers knocked offline earlier this summer, made a second, unsuccessful attempt at a comeback over the weekend when the bot herders stood up two new command-and-control servers in Turkey. The revival was short-lived, however, and both C&Cs are now offline.


Facebook’s active-user count is rapidly approaching one billion. The world’s largest social network, which has long been a popular target and platform for attackers, will only become a more relevant outlet for scams and other fraud as it continues to grow.

Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band security update to patch the problem, or wait until the next Patch Tuesday update Oct. 9.

An Alamo, Texas developer on Monday warned Virgin Mobile U.S. subscribers that their accounts can be hacked after the company failed to respond with a fix. “I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the problem, so I am disclosing this issue publicly,” Kevin Burke said in a blog post.

Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August.

A new version of the TDSS/TDL-4 botnet is rapidly growing, primarily because it’s having great success using an evasion technique known as a domain generation algorithm (DGA) to avoid detection, researchers at Damballa Security revealed today. The algorithm helps the latest version of the botnet carry out click-fraud campaigns and is used primarily to rapidly move communication between victims and command-and-control servers from domain to domain, a technique known as domain fluxing, similar to fast fluxing.