McAfee: China attackers exploited new IE hole
A new, unpatched vulnerability in Internet Explorer was exploited in the China-based attacks on Google and other companies, antivirus firm McAfee said on Thursday.
Microsoft was expected to release an advisory on the previously undisclosed hole on Thursday, McAfee spokesman Joris Evers told CNET.
A Microsoft spokesman released this statement when asked for comment: “Microsoft is investigating these reports and will provide more information when it is available.”
McAfee notified Microsoft of the zero-day hole in the last few days, Evers said. The vulnerability involves the way IE handles JavaScript, he said.
IE is vulnerable on all of Microsoft’s recent operating system releases, including Windows 7, McAfee CTO George Kurtz wrote in a blog post.
“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property,” Kurtz wrote. “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.”
Once it is downloaded and installed, the malware opens a back door that allows the attacker to gain complete control over the compromised system and “perform reconnaissance,” Kurtz said. “The attacker can now identify high value targets and start to siphon off valuable data from the company,” he wrote.
Many targeted attacks involve a “cocktail” of zero-day vulnerabilities combined with social engineering, he said. “So there very well may be other attack vectors that are not known to us at this time,” he wrote.
Initially, security researchers investigating the attacks believed that a hole in Adobe Reader was a culprit, but Adobe has said that it has no evidence to suggest that a vulnerability in its technology was an attack vector.
Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said Gmail users who were human rights activists also were targeted.
Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.
McAfee believes the internal name the attackers gave to the operation was “Aurora,” based on the file path on the attacker’s machine that was included in two malware files that McAfee has analyzed, according to Kurtz.
“That file path is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer,” he wrote.
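The compiler-inserted path Kurtz describes is stored by Microsoft toolchains in a CodeView "RSDS" debug record: the signature, a 16-byte GUID, a 4-byte age, and a NUL-terminated PDB path. As an added illustration (not code from McAfee or the original article), this sketch shows how an analyst could recover such paths from a sample; the sample bytes, GUID and path are constructed, and the function names are hypothetical.

```python
import struct
import uuid
from pathlib import PureWindowsPath

RSDS = b"RSDS"          # CodeView PDB 7.0 signature
HEADER_LEN = 4 + 16 + 4  # signature + GUID + age


def find_pdb_paths(data: bytes):
    """Return (guid, age, path) for every plausible RSDS record in data."""
    results = []
    pos = data.find(RSDS)
    while pos != -1:
        start = pos + HEADER_LEN
        end = data.find(b"\x00", start)
        if end != -1:
            raw = data[start:end]
            try:
                path = raw.decode("utf-8")
            except UnicodeDecodeError:
                path = ""
            # Reject chance matches of "RSDS": require a printable .pdb path.
            if path.lower().endswith(".pdb") and path.isprintable() and len(path) <= 260:
                guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
                age = struct.unpack_from("<I", data, pos + 20)[0]
                results.append((str(guid), age, path))
        pos = data.find(RSDS, pos + 1)
    return results


def path_components(path: str):
    """Split a Windows build path so project or folder names can be reviewed."""
    return list(PureWindowsPath(path).parts)


def build_sample() -> bytes:
    """Constructed test input: filler bytes, a false 'RSDS' match, one real record."""
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")  # constructed value
    record = (RSDS + guid.bytes_le + struct.pack("<I", 1)
              + rb"C:\build\ExampleProject\Release\sample.pdb" + b"\x00")
    return b"MZ" + b"\x00" * 64 + b"RSDS-not-a-record\x00" + record + b"\x00" * 16


if __name__ == "__main__":
    for guid, age, path in find_pdb_paths(build_sample()):
        print(guid, age, path_components(path))
```

Scanning for the signature works on any blob; walking the PE debug directory is stricter. Build paths are set by whoever compiled the file, so they are a lead for analysis and not proof of origin.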
Wired initially reported the IE hole earlier on Thursday, citing an unnamed source.
Updated at 1:05 p.m. PST with Microsoft comment and more details from McAfee’s George Kurtz.
Originally posted at InSecurity Complex