Investigators from security vendor AlienVault have discovered a variant of a recently discovered Internet Explorer exploit that is used to infect targeted computers with the PlugX remote access Trojan (RAT) program.

The recently identified exploit strain targets the same unpatched vulnerability in IE 6, 7, 8 and 9 as the master exploit, but applies slightly different code and has a different payload, AlienVault Labs manager Jaime Blasco described Tuesday in a blog post.

AlienVault researchers have been going after attacks that apply the PlugX RAT since earlier this year. Based on file debug paths discovered inside the malware, they think that the relatively new RAT was developed by a Chinese hacker recognized as WHG, who had previous ties with the Network Crack Program Hacker (NCPH), a familiar Chinese hacker group.