iHype discovers zero-day CVE-2014-8==D, or "TrouserSnake"

Zero-day impacting all versions of computer, used in opportunistic 
"flash" attacks often taking place after work hours, and exploiting the 
gullibility of corporate employees, leaving many exposed.

Tuesday, October 14, 2014  
In close collaboration with important technology vendors, iHype Security announced the discovery
of a zero-day attack campaign affecting computers, which have grown popular among companies and 
non-sports people. Vendors are releasing patches in a unified effort to prevent accidental exposure,
with a coordinated release taking place at 09:00AM EDT. 

Exploitation of TrouserSnake has devastated thousands, affecting social networks and the reputations of
their members. Though not as widely spread as ButterClam or other campaigns, the deep impact of
TouserSnake is expected to be felt by a number of organizations. 

Visible Attack
"Visibility into this campaign has given iHype a unique view into the methods of operation being
being employed in the wild." said Charl Atan, a representative from iHype, "and since we started our
tracking, we've been able to pinpoint several places that TrouserSnake has reared its nasty head."

RelevantPress was able to get in touch with renowned security expert @SecureTips, a consultant 
known for selflessly recommending solutions and best-practice behaviors for high-profile clients.

"The thing is, most users have to unzip an untrusted package to expose themselves. This isn't an 
attack so much as a social-engineering effort [and] the window of exposure is often small," said Tips,
"Users need to be wary, and consider all the unexpected places where this could pop up."

The current recommendation being given by Tips and others is to apply patches and be cautious of any
unexpected behaviors, particularly in isolated settings. Expect updates and follow-ups as details unravel 
in what will surely be a long, drawn-out security nightmare. 

Copyright RelevantPress, 2014.