Chinese Cyber-Attacks Came Through New IE Flaw

The cyber-attack that made Google reconsider its policy of co-operating with the Chinese government may have used a flaw in Microsoft’s Internet Explorer, according to one security vendor’s analysis, while others suggest PDFs were used to attack Adobe Reader.

A report from McAfee, which dubs the situation “Operation Aurora,” one of the malware samples involved in the attack exploited a new zero-day vulnerability in Microsoft Internet Explorer. McAfee revealed little about the flaw, stating only that its investigation showed IE is vulnerable on all of Microsoft’s operating systems, including Windows 7.

“Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system,” said McAfee CTO George Kurtz in a blog post. “The attacker can now identify high-value targets and start to siphon off valuable data from the company.”

Microsoft released some additional details about the vulnerability, which the company said is an invalid pointer reference within IE. According to Microsoft, the vulnerability affects IE versions 6, 7 and 8. The attacks the company has seen are reported to be targeting IE 6.

Talk of an IE vulnerability follows reports from other vendors that the attackers launched a spear-phishing campaign using Adobe Reader attachments. McAfee said it has not uncovered any evidence that a Reader vulnerability was exploited in the attacks.

However, according to VeriSign’s iDefense Labs, malicious PDFs were involved, and Google followed the attack code back to the drop servers and determined that the attack hit an additional 33 companies.

“According to sources familiar with the present attack, attackers delivered malicious code used against Google and others using PDFs as e-mail attachments; those same sources also claim that the files have similar characteristics to those distributed during the July attacks,” iDefense said in a report. “In both attacks, the malicious files drop a backdoor Trojan in the form of a Windows DLL.”

iDefense also noted similarities to a July 2009 attack in which hackers launched targeted e-mail campaigns against 100 IT-focused companies via a zero-day vulnerability in Reader.

“The code samples obtained by iDefense from the July attack and the present attack are different, but they contact two similar hosts for command-and-control communication,” the iDefense report continued. “The servers used in both attacks employ the HomeLinux DynamicDNS provider, and both are currently pointing to IP addresses owned by Linode, a US-based company that offers Virtual Private Server hosting. The IP addresses in question are within the same subnet, and they are six IP addresses apart from each other.

“Considering this proximity, it is possible that the two attacks are one and the same, and that the organisations targeted in the Silicon Valley attacks have been compromised since July,” the report concluded.

Page: 1 2

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

18 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

20 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

21 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago