Spear Phishing and IE’s Bonfire of Vulnerabilities

13th May 2016 by in category IT Support Blog, Microsoft Windows tagged as , , , , , , , with 0 and 8

Anti spear phishing patches released for major IE security hole and 50 more vulnerabilities

Spear phishing image

They know where you shop or bank. Spear phishing occurs once the attackers have taken your details from online banking or eCommerce sites that you visit. Then they send you a rather convincing email, impersonating your bank or retailer. Image by Wk1003Mike (via Shutterstock).

This week, users of Microsoft Windows (from version 7 upwards), have been affected by a major security risk. It uses a technique known as Spear Phishing, which abstracts personal details from your social media accounts, forum posts, and bog-standard websites. After gleaning your personal details, the spear phishing group or individual sends a fake email. This could impersonate your bank or an eCommerce site you often visit.

Phishing is among the most common of all vulnerabilities. It brazenly disregards operating systems from Android to Windows, as clicking a fake link is platform agnostic. If s/he clicks the fake email link, their details are sent to a remote server. With your bank details, they phish your account, leaving you penniless.

A Watering Hole Attack is pretty similar to spear phishing.  Attackers snoop or guess a group’s website, then infect one or more websites with malware.

The spear phishing attack is among 51 vulnerabilities that have affected Windows users in the last five days. This and the other fifty vulnerabilities have affected users with Internet Explorer versions 9, 10, and 11. It has also affected the Microsoft Edge browser, Microsoft .NET Framework, and Microsoft Office.

Anti Spear Phishing patches

The vulnerabilities were spotted on a South Korean website and reported to the Microsoft Corporation by Symantec (Norton Utilities and Norton Internet Security fame) as CVE-2016-0189. This was followed by the release of patches for Internet Explorer versions 9, 10, and 11 (MS16-051), and Microsoft Edge (MS16-052).

Though the exploit has only been seen on a South Korean website, there is still enough scope for greater mischief and misery. As a preventative measure, we at Tabard IT recommend:

  1. Downloading the patches onto your Windows 7/8/8.1/10 PC;
  2. Changing the passwords of your social media accounts;
  3. Showing some discretion when you post on social media sites.

The last point is worth a blog post of its own, which we might consider publishing in the near future.

Tabard IT, 13 May 2016.

Add comment

Website Design & SEO by netsixtysix.co.uk | Sitemap