Anatomy of the attack
The decrypted result is actually the malicious payload which will trigger a heap spray attack and will write the malicious code into the browser’s User Data area, making it persistent: every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download), which will result in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).
Mitigating the risks
Microsoft announced that the exploit is already in the wild and that users will be provided with a fix as soon as possible. Most likely, the vendor will issue a patch on the next “patch Tuesday”, namely on April 13. Since Internet Explorer