IE Flaw used by Hackers to Attack Google, Adobe, says McAfee
An Internet Explorer (IE) vulnerability was used by hackers to get past the defenses of Adobe, Google, and about 32 other companies, says security firm McAfee. Until now, the IE flaw had been unknown to security researchers, while the attack had initially been blamed on an Adobe PDF (Portable Document Format) vulnerability.
According to McAfee, hackers used a variety of tactics, including spear-phishing (email spoofing with a specific target in mind), to unleash an incredibly effective "cocktail of zero-day vulnerabilities," that exploited flaws in company systems and left backdoor loopholes for executing future breaches installed on affected computers.
IE, not Adobe, to Blame for Breaches
McAfee says the attack's success had little to do with vulnerabilities in Adobe Reader or Adobe Acrobat, but appears to have been the result of holes in Microsoft's popular web browser, Internet Explorer.
"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," McAfee CTO George Kurtz noted in a blog post yesterday. "Our investigation has shown that Internet explorer is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7."
Microsoft Advisory Expected "Soon"
Microsoft has not yet admitted IE's role in the issue, but said it was "investigating these reports and will provide more information when it is available." Kurtz said he expected the software giant to administer an advisory on the matter "soon." (Souce: computerworld.com)
The original attack took place earlier this week, originating somewhere in China. At that time, many tech pundits jumped the gun in speculating that the assault was related to PDF vulnerabilities. That now appears to have been an erroneous report.
Hacker Campaign Dubbed "Aurora"
The attack targeted a slew of companies, including Google, with the early victim count pegged at about twenty. However, as researchers have investigated the issue further, it's been found that about 34 total companies were affected.
Dubbed "Aurora" in reference to the name of the attacker's filepath discovered by researchers, security experts think this is probably the official name of the campaign as created by hackers. (Source: theregister.co.uk)
Free video: Windows 7 Tips and Tricks. In the Windows 7 Tips and Tricks video tutorial, author David Rivers shares tips and shortcuts to work more efficiently and get the most out of Windows 7. The course includes tips for controlling Windows with the mouse and keyboard, customizing the display, working with utilities, protecting your privacy on the Internet, improving the performance of the operating system, and more. Topics include: Customizing the shutdown button, Resurrecting the Quick Launch bar, Previewing files in Windows Explorer, Disabling taskbar balloon tips, and more. Click here to download this video now! Note: this video is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.