Chinese cybersecurity company Qihoo 360 has discovered (translation necessary) a new Microsoft Internet Explorer zero-day exploit it says is already being used in the wild. Qihoo’s 360 Security Center said the zero day, which it calls a “double kill” due to targeting Internet Explorer and any other apps that use the IE kernel, is already being used by an advanced persistent threat (APT), which are often government-sponsored.
The zero day requires a potential victim to open a malicious Microsoft Office document that contains a link to a website designed to deliver a malware payload, which is a common way for attackers to infect victims. Once someone is infected, Qihoo 360 said, attackers can install backdoor Trojans or even gain complete control over the machine.
Read more about the newly discovered “double kill” bug in Internet Explorer that is already being used by possible nation-state hacking groups on TechRepublic.