An exploit kit is now able to write an executable file on the disk without using an exploit, researchers said.
The malware developers created the exploit kit using VBScript, the Active Scripting language developed by Microsoft, said researchers at Sourcefire.
Unlike other exploit kits, this one doesn’t need to leverage vulnerabilities in Java, Adobe or other software to serve the malware.
By using VBScript, attackers can execute malicious code without downloading an actual executable file and without using an exploit.
Researchers tested the attack on Windows XP running IE 8 and on Windows 7 running IE 9. In both cases, users are prompted the malicious website wants to run an add-on called “Microsoft Script Runtime” from Microsoft.
It’s likely that users will click the “Allow” button considering that the application seems legitimate. When that happens, it is game over.
The malware distributed in this attack is Win.Trojan.Ircnite-27.