Recently, fileless malware targeting over a billion Internet Explorer (IE) users has been identified.
Researchers at AhnLab Security Emergency-response Center (ASEC) have identified fileless malware exploiting a known IE vulnerability (CVE-2019-1367), a remote code execution vulnerability in IE's scripting engine. Infection by such malware could lead to severe outcomes, such as memory corruption, account takeover, and compromise of system control.
Fileless malware can easily infiltrate a system without the proper security patch in place. When it does, the shellcode operates in the memory area of the infected PC to check for any running process and OS version. It also downloads malware on a specific path to perform
Due to the severity of the fileless malware, it is highly recommended that all IE users apply the latest security patches. The versions affected by the vulnerability include IE 9, 10, and 11.
AhnLab's anti-malware product, V3, uses its fileless malware detection technology to block the following malware.
<V3 Product Alias>
- Malware / MDP.Exploit.M2718
- Exploit / JS.CVE-2019-1367.S1073
If you are using the latest version of V3, remote code execution attacks exploiting the CVE-2019-1367 vulnerability can be prevented. For more details, please view the video below.
Even if you are not using V3, you can still manually remove the vulnerability by referring to the response guide provided