McAfee: Chinese cyber attacks exploited Internet Explorer

Summary: McAfee said today that cyber attacks out of China, now called "Operation Aurora," exploited an unknown hole in Microsoft's Internet Explorer browser.

A post on McAfee's Security Insights blog today said that the Chinese cyber attacks - now being referred to as "Aurora" - partially took advantage of a "previously unknown vulnerability" in Microsoft's Internet Explorer browser.

The post said that folks at McAfee Labs have been working with companies that were hit by the attack, as well as government and law enforcement officials, and have analyzed "several pieces of malicious code" that were used in the attack. It said that IE is vulnerable on all of Microsoft's operating systems, including Windows 7, and that Microsoft has been notified and will publish an advisory soon.

McAfee also noted, to clear up some news reports, that it has not found any links between Adobe's Acrobat reader and the attacks. It further noted:

While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time.

McAfee also said "Operation Aurora" was sophisticated beyond what's been seen in previous attacks and changes the cyberthreat landscape:

Blaster, Code Red and other high profile worms are definitely a thing of the past. The current bumper crop of malware is very sophisticated, highly targeted, and designed to infect, conceal access, siphon data or, even worse, modify data without detection.

These highly customized attacks known as “advanced persistent threats” (APT) were primarily seen by governments and the mere mention of them strikes fear in any cyberwarrior. They are in fact the equivalent of the modern drone on the battlefield. With pinpoint accuracy they deliver their deadly payload and once discovered – it is too late.

Finally, it said that companies of all sectors are valuable because they offer more of the new valuable "loot" of the Internet - intellectual property. It wrote:

Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays. Without question this attack was perpetrated during a period of time that would minimize detection.

All I can say is wow. The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats. In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value.

Separately, Microsoft CEO Steve Ballmer told CNBC today that Microsoft will continue to do business in China.

Topics: Browser, Microsoft, Security


Talkback

102 comments
  • As far as security is concerned....

    IE is the most attacked, but Microsoft takes security seriously - compared to before, and especially compared to many other companies.

    Windows had a quiet Patch Tuesday this month. There are always security holes that are found, just because of the complexity of operating systems today. Every OS is going to have some sort of security hole somewhere. Windows 7 is pretty secure, but I still favour doing up the zipper of UAC to Vista levels. Still, Vista might've broken some compatibility because of the new security layers, but Windows (excluding XP) is better because of it. Each version of Windows gets better and better security, and virus writers get more advanced in their coding techniques, but at least Microsoft isn't faltering with the quality of their responses.
    Joe_Raby
    • Agreed

      Windows XP, security-wise, was a mess.

      Since moving to Vista and 7, I gave up huge, bulky security products and malware scanners, and have consolidated all of that into one small package - MSE.

      That combined with UAC and safe browsing habits have kept the baddies away.
      The one and only, Cylon Centurion
      • Safe browsing habits...

        and assigning yourself a "limited" account on a Windows PC alone should take care of most baddies. The latter (according to an article on ZDNET from last year) accounts for 92%. You still need an anti-virus program to make your PC crawl safely.
        tripolitan
      • So that means...

        you can visit those porn sites safely, right Nicholas?

        lol...
        Wintel BSOD
    • Excuse me?

      Reason why I'm ripping your feedback is because it sounds like an MSPR statement.

      IE is the most attacked because it is the most vulnerable. Microsoft should have taken security very seriously a long, long time ago, not just recently.

      - "...and especially compared to many other companies."

      What other companies? What is your source of information for this? Can you name one OS company that takes security less seriously than MS? Debian BSD and Red Hat servers and desktops get patched for the same vulnerability as MS much faster than Windows servers and desktops.

      - "Windows had a quiet Patch Tuesday this month"

      Yeah. Patch Tuesday is becoming more common than casual Friday.

      - "There are always security holes that are found, just because of the complexity of operating systems today"

      Let's not forget sloppy coding, release date panic, passing Beta for production...

      - "Every OS is going to have some sort of security hole somewhere."

      Yes, but some are a lot more likely to have them than others. IE is not an operating system.

      - "Windows 7 is pretty secure..."

      ...is that a fact? Please tell us how you can ascertain that and, while you're at it, please define "Pretty" as a measure of security.

      - "but I still favour doing up the zipper of UAC to Vista levels. Still, Vista might've broken some compatibility because of the new security layers, but Windows (excluding XP) is better because of it."

      FYI- VISTA IS DEAD. It was a poor excuse for an operating system on any level, ask Microsoft.

      - "Each version of Windows gets better and better security..."

      Please refer to Microsoft's Vista campaign (Vista vs XP) and the bit about better security... and while you're at it, please define "Better" as a measure of security. Is it better or worse than "Pretty"?

      - "...and virus writers get more advanced in their coding techniques,"

      You can thank cyber security firms for that.

      - "but at least Microsoft isn't faltering with the quality of their responses."

      The quality of response does not equal quality of product. People will gobble responses and believe them, especially when they think that there are no alternatives...
      tripolitan
      • You've said nothing of substance.

        Here, let's try some substance.

        Firefox and Safari are the most vulnerable browsers:

        http://www.net-security.org/secworld.php?id=8489

        OSX is easily hacked:

        http://www.guardian.co.uk/technology/blog/2009/mar/18/apple-pwned-again

        The world does not fit your prejudices.
        Lester Young
        • IE has more vulnerabilities

          They just aren't public knowledge, just like this
          one was prior to this hacking event.

          Disagree? Prove me wrong.

          Also note how I said "public knowledge" as opposed
          to "unknown," obviously the Chinese knew at the
          least...
          T1Oracle
          • You need to support your assertion.

            "IE has more vulnerabilities
            They just aren't public knowledge, just like this
            one was prior to this hacking event.

            Disagree? Prove me wrong."

            It's not on other people's shoulders to disprove something you have not supported.
            ye
          • Well ye, one fact is clear

            The article says nothing about Firefox, Opera or anything else.

            Care to disprove Sam? ;)
            Wintel BSOD
      • Corrections

        "IE is the most attacked because it is the most vulnerable." Replace "vulnerable" with "prolific".

        "What other companies?...Can you name one OS company that takes security less seriously than MS?" The statement was "companies", not "OS companies". Which makes the statement accurate.

        "Yeah. Patch Tuesday is becoming more common than casual Friday." You only get casual Friday once every two months? Perhaps you should talk to management regarding this situation.

        Cue FUD..."Let's not forget sloppy coding, release date panic, passing Beta for production..."...end FUD.

        "...please define "Pretty..." More than "marginally", but less than "absolutely".

        "...please define "Better"..." "Better" = "More" or "Improved"

        "You can thank cyber security firms for that." And, the folks that code the various OS's. Every version of an OS is a learning experience. No one is omniscient. That being the case, when mistakes are found, they're corrected, and people move on. It's happened with EVERY OS ever released, and will continue to happen until mankind manages to produce an infallible and omniscient being capable of pumping out millions of lines of code per year.
        Dr. John
      • Wow you're Naive

        You can blame MS All you want but the most vulnerable on record was Safari and Even Firefox had more flaws exposed recently than IE Did...

        I'm not saying this isn't a big deal but this was a previously unknown issue and Microsoft had no advanced Warning concerning this so you can't really say hey you're not addressing BUGS!

        The fact is that MS has been taking Security Serious now for 6 to 8 years and as this article noted the WORM is a thing of the past as they just don't spread like that anymore and I don't know all the details of how this attack took place but it wasn't the old E-mail worm that ran through your network.

        Also, somebody should really look at why Proxy Servers or Firewalls aren't picking up the increase in inbound traffic or maybe it is just that our Security Professionals aren't really Security Experts but people that were promoted into the job!
        slickjim
  • M$ has no incentive to eliminate vulnerabilities in Windows

    Eliminating Windows vulnerabilities is not only a task well beyond M$'s capabilities but also one that would seriously upset the Chinese regime.

    The Chinese regime needs those Windows flaws in place to keep an eye on both their citizens and free world citizens who support Chinese activists. The success of M$ operations in China depends critically on the maintenance of those vulnerabilities.
    The Mentalist
    • That's impossible to do

      Keep in mind this is a previously unknown vulnerability.

      Every single piece of software out there now, I can guarantee has at least a few of these. And, yes, that includes Apple software and Linux operating systems as well.
      The one and only, Cylon Centurion
      • You're correct, all software has flaws

        However, if the Chinese were smart enough to find one, why can't dolts at MS find them too? After all, they have the source code.

        How many more remain?

        How many freakin times do I have to hear the same lame spiel by MS claiming I should buy their expensive upgrade and then more hardware to support the many gigabytes of OS code bloat because this time they got it right and it's the most secure version of Windows ever ever? I certainly can't count the number of times in the past that I have heard this. I stopped at Win XP.

        NStalnecker, you and I have already discussed an apparent security issue and why you have disabled file and printer sharing completely in Win 7. That was my red flag and I knew this day, and many like it, would be coming for Win 7 (even if it affects all versions or IE - why haven't they found it in the decade of versions they released?). I still can't possibly fathom why people put up with this over and over again...
        jacarter3
        • Tell me who did...

          Tell me who found the flaw? It wasn't any of these so called security experts that you guys are talking about because they didn't have a clue...

          Crud, it wasn't all these hackers who post exploits... Nope, these were people paid to find holes and exploit them and I guarantee you they're highly trained and most likely hand chosen by the Communist / Socialist Regime in China...

          Let's face it, the real problem isn't MS at all but rather the fact that our Government is choosing to ignore this threat from a country they gave "Most Favored Nation" Status!

          I tell you what, you want to fix this problem then let's hold the presidential election again but this time Vote for McCain... Then when he lowers the corporate tax to 25% we'll start to get business back here so we can make money, Pay China Back and tell them to Go Screw Themselves!

          How will this fix the issue? Well let's see, don't you think it is a very real possibility that some of the Hardware we're buying from China (all your motherboards and hard drives) are making some of these exploits possible? Maybe they're even spying on the OS for all we know.
          slickjim
          • You're the only person to make any sense here

            "Let's face it, the real problem isn't MS at all but rather the fact that our Government is choosing to ignore this threat from a country they gave "Most Favored Nation" Status!"

            You're the only person to make any sense here, and like they say, beggars can't be choosy from who they borrow money from.
            Thank our government for making deals with the devil.
            Stan57
          • Your argument is flawed.

            Your plan would have the exact opposite effect. Big businesses could move all their operations to Mexico or China and receive a tax break for doing it!

            The tax system needs to be structured so that businesses that move their operations out of the US are heavily punished (taxed) and businesses that pay wages to American workers (NOT executives) receive huge discounts.

            The Chinese Government can "afford" to have 100,000 people in front of PCs (trying to hack them) everyday.
            Can the US?

            lehnerus2000
      • That's beside the point, Nicholas...

        "Every single piece of software out there now, I can guarantee has at least a few of these. And, yes, that includes Apple software and Linux operating systems as well."

        The real question is the design of the system and the risks that go along with it.

        I realize denial is one of your strong suits, so do I need to post that short list of Ubuntu exploits for you again?
        Wintel BSOD
  • MS should only be held responsible...

    if they were silly enough to give the source code for their
    operating system to the Chinese government.

    Doh! ;-)
    Richard Flude
    • Well, only...

      open source elitists would be stupid enough to do
      this

      :)
      SystemVoid