After one of my recent blog postings concerning the recent zero day IE vulnerability [1
], I received a few questions and comments thanks to one of the comments I made:
Finally, and perhaps most worryingly, this type of advice feeds the “right now we have a problem, but as soon as the patch is available, we can relax” school of thought. Will the online world be significantly safer once this patch is available and widely deployed? Generally speaking, probably not.
The questions I received confirmed to me that this school of thought definitely exists. In this post, I will highlight one of the ongoing threats that justifies my statement - Sinowal (aka Mebroot) attacks.
I have posted several times before about Sinowal, highlighting:
The flow of a recent Sinowal attack is illustrated below (the identity of the legitimate, compromised .co.uk site is masked):