June 27, 2008 -- (WEB HOST INDUSTRY REVIEW) -- An online security researcher has found a drive-by malware download that exploits an Internet Explorer feature to launch cross-site scripting attacks, according to a report by ZDNet (blogs.zdnet.com/security/?p=1361).
Roel Schouwenberg, an analyst at Kaspersky Lab (kaspersky.com), detected the attack at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.
Schouwenberg said he notified Microsoft of the flaw when a similar attack occurred a while ago on a lower traffic site. He told Microsoft that the JavaScript embedded into GIF files can be executed under certain circumstances.
Microsoft, however, disagreed with his findings, and he said the vulnerability went unfixed.
The most recent attack took place on a high traffic website, where a GIF file with an embedded iFrame redirects IE users to a known malicious site.
Although the malicious site in question is currently offline, Schouwenberg says there is proof that the site is involved in ID-theft attacks. He says that the advanced malicious site is difficult to detect because the view source does not show any trace of malicious code.
Schouwenberg has once again contacted Microsoft about this most recent attack, asking the software firm to take another look at the problem.
