FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website--a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it.
This post was intended to serve as a warning to the general public. We are collaborating with the Microsoft Security team on research activities. We will continue to update this blog as new information about this threat is found.
Update: We have posted a full analysis of the attack, which we have dubbed “Operation SnowMan.”