Yesterday, Microsoft Security Advisory (977981) confirmed the latest IE browser exploit. Though this only impacts users of IE 6 and IE 7, those browsers are still very widely used (the last number I saw suggested a 40% installed base, though that number is shrinking).
“Summoner” is an unpatched Microsoft Internet Explorer vulnerability in which the browser tries to access, or “summon from the dead”, a deleted object. That puts IE into a vulnerable state where malicious code can execute. That malicious code can be just about anything: spyware, viruses, you name it.
Although antivirus (including ZoneAlarm’s antivirus) catches known variants of the malicious code, it most likely will not catch the other variants that are sure to come, which are designed to bypass traditional antivirus security.
ZoneAlarm’s browser security in ZoneAlarm Extreme Security and ZoneAlarm ForceField can protect you even from unknown variants of this attack. Just turn on browser virtualization if it is not on already. As with other browser exploits, including Gumblar and Nine-Ball, any malicious code that is silently installed onto your PC through a vulnerability stays within a virtual sandbox, keeping it separate from your operating system. Your system remains unharmed.
This is just the latest browser exploit getting some attention. It is certainly not the last.
PS. “Summoner” is known by many other names. (There is no “naming authority” for malware like this.) It has many technical designations, including Exploit.HTML.IframeBof (Kaspersky Lab), Exploit-IFRAME BO.demo (McAfee), Downloader.Trojan (Symantec), Exploit.IframeBO (Doctor Web), JS/IframeBOShell* (RAV), EXPL_IFRAMEBO.A (Trend Micro), HTML/Expl.IframeBof3 (H+BEDV), HTML/IFrameBoF@expl (FRISK), IFrame (ALWIL), Exploit.Html.Iframe.Bof.Gen (SOFTWIN), and Exploit.HTML.IFrameBOF-3 (ClamAV).