Recently, a fileless malware targeting over a billion Internet Explorer (IE) users has been identified.
Researchers at AhnLab Security Emergency-response Center (ASEC) have identified a fileless malware exploiting a known IE vulnerability(CVE-2019-1367), which is a remote code execution for IE's scripting engine. If infected by such malware, it could lead to severe outcomes, such as memory corruption, account takeover, and compromise of system control.
Fileless malware can easily infiltrate a system without the proper security patch in place. When it does, the shellcode operates in the memory area of the infected PC to check for any running process and OS version. It also downloads malware on a specific path to perform malicious activities.
Due to the severity of the fileless malware, it is highly recommended that all IE users apply the latest security patches. The versions affected by the vulnerability include IE 9, 10, and 11.
AhnLab's anti-malware product, V3, blocks the following malware employing the fileless malware detection technology.
<V3 Product Alias>
- Malware / MDP.Exploit.M2718
- Exploit / JS.CVE-2019-1367.S1073
If you are using the latest version of V3, remote code execution attacks exploiting the CVE-2019-1367 vulnerability can be prevented. For more details, please view the video below.
Even if you are not using V3, you can still manually remove the vulnerability by referring to the response guide provided by Microsoft.