Microsoft flaw used to attack French aerospace employees, veterans
SAN FRANCISCO (REUTERS) - A flaw in recent versions of Internet Explorer was used to attack visitors to a website for United States (US) military veterans, and also appears to have been used earlier against French aerospace industry employees, researchers said on Friday.
The flaw in Microsoft Corp's IE 10 Web browser was reported on Thursday, days after it was used inside the Web page of nonprofit US group Veterans of Foreign Wars (VFW). The VFW said on Friday that an unspecified federal law enforcement agency is investigating and that the malicious code on its site had been removed.
Security firm Websense Inc said it found similar attack code on a page set up on Jan 20 with a Web address nearly identical to one used by a French aerospace association.
That suggests the attacks using the flaw have been going on for at least three weeks, but might have succeeded earlier against higher-value targets and escaped discovery, said Websense director of security research Alexander Watson.