SecurityTube

Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack

JB

This week’s watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer’s website has been serving malware related to the attack since September.

Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE exploit since Dec. 18.

Meanwhile, a Metasploit module has been added to the exploit platform, which could rapidly increase the public availability of exploits.