Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsoft's Internet Explorer browser. Read More ..
A gang Symantec calls the Elderwood group appears to have found the latest zero-day vulnerability in IE, which can allow a malicious website to automatically infect a person's computer.
Analysis of the attack code used to exploit the vulnerability has similarities to other code used by the Elderwood group to exploit other zero-day vulnerabilities in Microsoft's software, the company wrote on its blog.
In one example, Symantec found the phrase "HeapSpary" inside several samples of attack code.
"HeapSpary is a clear mistyping of Heap Spray, a common attack step used in vulnerability exploitation," the company wrote. "In addition to this commonality, there are many other symbols in common between the files."