Double Kill Internet Explorer Zero-Day Exploit Reportedly Wreaking Havoc With Targeted Attacks
Qihoo 360 thankfully isn't divulging any technical details about Double Kill, but it does acknowledge that it has contacted Microsoft to give the company a heads up. What we do know, however, is that Double Kill involves an Internet Explorer vulnerability that uses Microsoft Word documents (usually sent as an email attachment) as the attack vector.
Opening the Word document is all that is required for a malicious embedded web link to deliver a trojan to the victim's computer. The trojan is then somehow able to activate Internet Explorer in the background to take control of the victim's computer, even bypassing protections afforded by Windows User Account Control (UAC). What's worse is that there are no visual cues that would alert the user that something nefarious is going on in the background.
"Hackers carried out the APT attack by delivering Office documents containing malicious webpages," writes Qihoo 360. "When affected users opened the documents, malicious scripts and payloads using the vulnerability were downloaded from a remote host and executed."
Although Microsoft has allegedly been contacted about Double Kill, it is not known if a fix will be rolled up into the next Patch Tuesday, which is scheduled for May 8th. Microsoft might not have had enough time to identify and properly vet its fix, as we've seen in cases before when Google pulled down the company's shorts for blowing past a deadline. May 8th is also the latest rumored release date for the Windows 10 April Update.