A critical zero-day flaw in Internet Explorer was exploited as part of the attack on Google and other companies, according to both Microsoft and McAfee.
The flaw allows for a Web-based attack against IE 6 SP 1 on Windows 2000, along with IE 7 and 8 on XP, Server 2003, Vista, Server 2008, Windows 7 and Windows Server 2008 R2. According to Microsoft's security advisory, the company has only seen active attacks against IE 6 so far.
Those attacks were part of the campaign against Google, Adobe and other major companies that sought to break into the Gmail accounts of Chinese human rights activists.
Chinese hackers used Microsoft browser to launch Google strike [guardian.co.uk]
Microsoft has admitted that its Internet Explorer browser was the weak link used by hackers to attack Google's systems in China.
The world's biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies - the same attack that led Google on Tuesday to announce its plan to drop the censorship of its search engine in China.
This vulnerability exists in all versions of Internet Explorer (IE6 is however the only version which has been actively targeted) and remains unpatched by Microsoft - who have not ruled out an "out of cycle" patch rollout before the next scheduled patch date.
From Microsoft: Microsoft Security Advisory (979352) [microsoft.com]
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: January 14, 2010
At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
There's a good write-up at the Register:
IE zero-day used in Chinese cyber assault on 34 firms [theregister.co.uk]
Hackers who breached the defenses of Google, Adobe Systems and at least 32 other companies used a potent vulnerability in all versions of Internet Explorer to carry out at least some of the attacks, researchers from McAfee said Thursday.
The previously unknown flaw in the IE browser was probably just one of the vectors used in the attacks, McAfee CTO George Kurtz wrote in a blog post. Using a sophisticated spear-phishing campaign, the perpetrators included malicious links exploiting the bug in emails and instant messages sent to employees from at least three of the targeted companies.
What's that say?
They forgot to remind their employees to install the almighty Google Pack?
Seriously, I doubt this really has anything to do with an IE 6 vulnerability. I'd be betting on some good old-fashioned spying in their Chinese offices. What's to stop the govt from sending people in as employees? Cleaners... engineers... the govt has them.
Since almost all computers are made in China and the vast majority of computers not assembled in China still contain parts made in China, what is to stop the Chinese government from inserting back doors or similar means into the hardware that they can then exploit later? It seems to me that the very fact we can't (as far as I can find) buy computers that do not have Chinese components in them is a national security threat.
That was worth repeating. The hairs on my neck stood at attention after reading that statement. What's stopping them? < Rhetorical question. Off to find a computer made in the good ole U.S.A. I'll return once I find one. ;)
[edited by: pageoneresults at 3:46 pm (utc) on Jan. 15, 2010]
Back in the late 90s a backdoor was caught in a networking adapter.
iDefense, however, told Threat Level that the attackers were targeting source-code repositories of many of the companies and succeeded in reaching their target in many cases.
Basically, G might be angry at Chinese officials' stealing of their IP.
PS: I just checked, and the results on google.cn appear to be censored again.
Note that several news outlets are now confirming that exploit code for this vulnerability is publicly available. IE8 in protected mode (which should be enabled by default) is not affected, but earlier versions are. If you have to run IE, then use IE8 - otherwise use Firefox, Safari or Opera instead at least until Microsoft produces a patch.
I'm still confused as to why IE6 is used inside Google China.
It's just as likely that IE6 isn't capable of leaving you vulnerable but IE7 onwards do (intentionally, big brother must watch after all).
IE should be avoided in all variations; entire countries (Germany) and major search engines (Google) have spoken.
IE gives me the distinct impression of a runaway train at this point, as if nobody is in control (or perhaps too many people are).