DeepGuard 5 vs. IE Zero-Day Exploit CVE-2013-3893

Published: 08 October 2013
on channel: F-Secure Labs

A brief video of F-Secure's behavioral technology (DeepGuard 5) protecting a test system from being compromised via the Internet Explorer CVE-2013-3893 zero-day exploit.

The IE version in this video is vulnerable, i.e., the system does not have October's updates installed. The exploit in the video has been used in real attacks and is very similar to the ones mentioned by FireEye and Dell, right down to the runrun.exe payload encrypted with the XOR key 0x95. The attack is replayed from a web server on an isolated test network.
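
As an added example (not from F-Secure or the video), here is a defender-side check for the kind of payload encoding described above: it scans a captured download for a PE header hidden under any single-byte XOR key. The sample bytes are constructed for illustration; only the 0x95 key comes from the description.

```python
# Added example: detect a PE file hidden behind a single-byte XOR key.
# All sample data below is constructed; it is not the real payload.

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the same call encodes and decodes)."""
    return bytes(b ^ key for b in data)


def find_xor_pe(blob: bytes) -> list:
    """Return [(key, offset)] for each key under which an 'MZ' header
    followed closely by the DOS stub message appears in blob."""
    hits = []
    for key in range(1, 256):          # key 0 would be an unencoded file
        mz = xor_bytes(b"MZ", key)
        stub = xor_bytes(DOS_STUB, key)
        start = 0
        while (off := blob.find(mz, start)) != -1:
            # Requiring the stub string near the header keeps random
            # two-byte matches from being reported as executables.
            if blob.find(stub, off, off + 0x200) != -1:
                hits.append((key, off))
            start = off + 1
    return hits


def build_sample(key: int = 0x95) -> bytes:
    """Constructed test blob: 64 filler bytes, then a fake PE header
    (MZ + padding + DOS stub text) encoded with the given key."""
    fake_pe = b"MZ" + b"\x90" * 0x4C + DOS_STUB + b".\r\r\n$" + b"\x00" * 32
    return bytes(range(64)) + xor_bytes(fake_pe, key)


if __name__ == "__main__":
    sample = build_sample()
    for key, off in find_xor_pe(sample):
        print(f"XOR-encoded PE: key=0x{key:02x} offset={off}")
```

A hit on content fetched by a browser process is worth alerting on, since legitimate downloads have little reason to carry an executable in this form.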

The exploit sets and checks a cookie to avoid exploiting the same system twice. Once DeepGuard has blocked the exploit and forced the tab to close, IE will try to reopen the tab. Because the cookie was set, the JavaScript code skips the exploit and simply redirects the user to Naver.

