
SANS ISC InfoSec Handlers Diary Blog


FireEye reports IE 10 zero-day being used in watering hole attack

Published: 2014-02-14
Last Updated: 2014-02-14 04:11:27 UTC
by Chris Mohan (Version: 1)
3 comment(s)

The good people of FireEye Labs posted on the discovery of an IE 10 zero-day being used in a watering hole attack on a breached server in the US [1].

FireEye are working with Microsoft, so details are fairly thin. To quote from their first short blog post:

"It’s a brand new zero-day that targets IE 10 users visiting the compromised website–a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it."

Those looking after IE 10 users may want to keep an eye on their proxy logs for the follow-on download as a potential indicator.
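One way to check a response body carved from a proxy cache or packet capture for the kind of XOR-encoded download the quote describes, as an added example that is not from this diary or from FireEye. It assumes a single-byte XOR key and a Windows PE payload, neither of which the post states, and the sample bytes are constructed.

```python
"""Added example: flag downloaded bodies that hide a PE file behind single-byte XOR.

Assumptions (not stated in the diary): one-byte key, Windows PE payload.
"""

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def find_xor_pe(body: bytes):
    """Return (key, offset_of_MZ) if body holds a single-byte-XOR-encoded PE, else None.

    Key 0 is skipped: an unencoded PE is already visible to ordinary content filters.
    """
    for key in range(1, 256):
        stub_at = body.find(xor_bytes(DOS_STUB, key))
        if stub_at == -1:
            continue
        # The DOS stub text follows the "MZ" magic closely; look back for it
        # under the same key to cut down on chance matches.
        mz_at = body.rfind(xor_bytes(b"MZ", key), max(0, stub_at - 0x80), stub_at)
        if mz_at != -1:
            return key, mz_at
    return None


# Constructed sample: a minimal fake PE header, not a real executable.
CONSTRUCTED_PE = b"MZ" + b"\x00" * 0x4C + DOS_STUB + b".\r\r\n$" + b"\x00" * 16
# Constructed response body: image-like prefix followed by the encoded header.
CONSTRUCTED_BODY = b"\xff\xd8\xff\xe0JFIF" + xor_bytes(CONSTRUCTED_PE, 0x5A)

if __name__ == "__main__":
    hit = find_xor_pe(CONSTRUCTED_BODY)
    if hit:
        print("XOR-encoded PE suspected: key=0x%02x, MZ at offset %d" % hit)
```

A payload encoded with a multi-byte or rolling key will not match; treat a miss as inconclusive rather than clean.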


FireEye have provided a great deal of detail on the attack in a second blog post, which is well worth a read and gives plenty of the indicators of compromise to run through your logs and filters:


Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: IE 0 day