German government advises surfers not to use Internet Explorer

The German government's Federal Office for Information Security (BSI) has instructed citizens not to use Internet Explorer following the discovery of a zero-day bug in the browser.

The bug, which was discovered by security researcher Eric Romang, impacts versions 9, 8, and 7 of the Internet Explorer browser and led Microsoft to release Security Advisory 2757760 to address the issue. According to Reuters, hackers are using the bug to launch attacks, specifically against defence contractors, and until Microsoft issues a patch it has encouraged users to use other browsers.

The BSI said it was aware of targeted attacks and advised all users of Internet Explorer to use an alternative browser until the manufacturer has released a security update. "A fast spreading of the code has to be feared," the German government said in its statement.

Officials within Microsoft did not respond to a request to comment on the move by the German government, although the company downplayed the impact of the flaw in a written statement.

Yunsun Wee, director of the Microsoft Trustworthy Computing Group, said: “There have been an extremely limited number of attacks. The vast majority of Internet Explorer users have not been impacted.”

Microsoft also said that it planned to release a patch in the next few days. However, some security experts have said it would be too cumbersome for many PC users to implement the measures suggested by Microsoft and instead advised Windows users to temporarily switch from Internet Explorer to rival browsers such as Google Chrome, Mozilla Firefox or Opera.

AlienVault researcher Jaime Blasco confirmed that the zero-day was being used to target specific sectors, including defence and industrial. He said: “Following our investigations on the servers found serving the Internet Explorer zero-day and using OSINT, we were able to use the WHOIS mail address and the IP addresses used by the attackers to find fake domains registered by them.

“They contain specific names of companies related with: a US aircraft and weapons delivery systems company; a US defence decoy countermeasures company; a US aerospace and defence technology company; a US supplier for repairs of tactical fighters; a laboratory for energetic systems and materials; and a UK defence contractor. We also found a fake domain of a company that builds turbines and power sources used in several applications, including utilities and power plants.

“We were able to check that the official website of the company has been compromised as well and it is serving the Internet Explorer zero-day to the visitors. They've included an iFrame to the exploit in the entry page. Apart from that, it seems the exploit code has evolved and they are now able to infect not only Windows XP but also Windows 7 32bits running Java 6.”