A flaw in recent versions of Internet Explorer was used to attack visitors to a website for U.S. military veterans, and also appears to have been used earlier against French aerospace industry employees, researchers said Friday.
The flaw in Microsoft Corp's IE 10 Web browser was reported on Thursday, days after it was used inside the Web page of nonprofit U.S. group Veterans of Foreign Wars. The VFW said Friday that an unspecified federal law enforcement agency is investigating and that the malicious code on its site had been removed.
Security firm Websense Inc said it found similar attack code on a page set up on January 20 with a Web address nearly identical to one used by a French aerospace association.
That suggests the attacks using the flaw have been going on for at least three weeks, but might have succeeded earlier against higher-value targets and escaped discovery, said Websense Director of Security Research Alexander Watson.
FireEye Inc, which discovered the VFW attack, said it appeared connected to previous attacks against the Japanese financial sector, security firm Bit9 and others that Symantec Corp security researchers attributed to a large and well-organized group in China.