Entries filed under 'Zero-day'

Threat Research Blog

FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.


    New IE Zero-Day Found in Watering Hole Attack

    By Yichong Lin
    FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website--a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We Read more...


    IE Zero Day is Used in DoL Watering Hole Attack

    By Yichong Lin
    Similar to what we found before in a series of watering hole attacks, targeting CFR and Chinese Dissidents,  zero-day and just patched vulnerabilities were used. In the latest watering hole attack against Department of Labor (DoL), our research indicates a new IE zero-day is used in this watering hole attack, although some other vendors claim they are using known vulnerabilities.This particular exploit checks for OS version, and only runs on Windows XP. Read more...


    YAJ0: Yet Another Java Zero-Day

    By Darien Kindlund, Yichong Lin
    Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking Read more...


    The Number of the Beast

    By James T. Bennett
    Yesterday, we sent out a warning regarding the PDF zero-day we found being exploited in the wild. Adobe has released a security advisory with mitigations. Here are more details about the attack. The JavaScript embedded in the crafted PDF is highly obfuscated using string manipulation techniques. Most of the variables in the JavaScript are in Italian. The JavaScript has version checks for various versions of Adobe Reader as shown below and it Read more...


    CFR Watering Hole Attack Details

    By Darien Kindlund
    [Updated on December 30, 2012] On December 27, we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21—right Read more...