My apologies for the constant stream of posts on the VML exploit. I’m really not trying to spread a unnecessary panic here — and we are not at panic levels on this thing. There’s just a fair amount of data coming out on this thing and this blog has become a bit of a VML tempest.
Anyway, latest interesting news is this:
Hackers have hijacked a large number of sites at web hosting firm HostGator and are seeking to plant trojans on computers of unwitting visitors to customer sites. HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages.
HostGator general manager Jason Muni told Security Fix that attackers had “reconfigured an unknown number of Web sites hosted on the company’s servers to redirect visitors to a third-party Web site that tried to load the IE exploit.” Muni said the company reconfigured all of its 200 servers to address the problem. But as of 5:30 pm EST Friday, some HostGator customers were continuing to report that their sites were compromised and redirecting visitors, indicating the problems were ongoing.
Link here.
It’s an exploit. And it works. What else do you expect hackers to do?
The world isn’t coming to an end though. Just take your normal precautions and unregister the VML dll.
Alex Eckelberry
(with a gracious hat tip to Ferg)