Hackers used IE zero-day, not PDF, in China-Google attacks
McAfee blames unpatched IE bug; Microsoft to release security advisory later today
Computerworld - Hackers exploited an unpatched vulnerability in Microsoft's Internet Explorer (IE) browser to break into some of the firms targeted in a widespread attack that compromised Google's and Adobe's corporate networks, McAfee said today.
According to Dmitri Alperovitch, vice president of threat research at McAfee, the unpatched vulnerability in IE was the only exploit used to hack into several of the companies attacked in December and early January. McAfee did not collaborate with all victims of the attacks -- researchers from VeriSign iDefense have put the total at 33 -- but in all its cases the evidence was the same.
"There could be other forms of attacks," Alperovitch said, "but in all we investigated, it was the same kind of attack, and the same exploit of IE, which was the only exploit we have found in all the malware we have examined."
Alperovitch said that Microsoft would release additional information about the IE vulnerability in a later security advisory. Other sources, who asked to remain anonymous because they were not officially allowed to comment, said that Microsoft would release its advisory today.
A Microsoft spokesman declined to confirm that the company would issue an advisory Thursday, saying only that "Microsoft is investigating these reports and will provide more information when it is available."
The nuts and bolts of the attacks have been of interest because of Google's announcement Tuesday that attacks last month made off with intellectual property from its corporate network, and also tried to access the Gmail accounts of Chinese human rights activists. Google said it had proof that the attacks originated in China. As a result, Google said it was reevaluating its business in the country, and might pull out of the market.
That same day, Adobe admitted that its company's computers had also been hacked, and said that the attack that hit it Jan. 2 was related to the Google attack.
Computerworld reported earlier this week that Google and Adobe, the only two companies to have stepped forward thus far to acknowledge the attacks, were hacked using malicious PDF files that exploited a zero-day vulnerability in Adobe's popular Reader software.
According to Mikko Hypponen, the chief technology officer of F-Secure, the exploited flaw was the one of eight that Adobe patched Tuesday. That bug had been public knowledge since mid-December, and had been exploited in targeted attacks -- the very kind that broke into Google, Adobe and others -- since sometime in November.
Alperovitch, however, rejected the idea that a rogue PDF was at the root of the attacks. "We have not seen, in all the organizations we've worked with on this, and there were multiple, any PDF files associated with the attack," he said.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |