Thursday McAfee said that Operation Aurora, the attack that hit Google and multiple companies early in the week, was the result of a new, "not publicly known" vulnerability found in Microsoft's web browser, Internet Explorer. McAfee said that it has informed Microsoft with its findings, and that Microsoft is expected to publish an advisory on the matter soon.
"As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals," said McAfee's George Kurtz in this official blog. "We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer."
Kurtz said that the malware opens a back door once it's downloaded and installed, allowing the attacker to "perform reconnaissance" and gain complete control of the compromised system. Once that takes place, the attacker can identify "high value targets" and siphon off valuable data from the targeted company.
Kurtz also said that although McAfee identified the Internet Explorer vulnerability as one of the attack vectors, he said that there could be additional vectors not yet discovered. According to their findings, Adobe Reader is not one of these vectors despite other reports blaming Adobe as a culprit. More information on the Internet Explorer vulnerability and Operation Aurora can be found on the McAfee blog.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
good thing I use Chrome!Reply
"Kurtz also said that although McAfee identified the Internet Explorer vulnerability as one of the attack vectors, he said that there could be additional vectors not yet discovered."Reply
Translation: McAfee (maker of the most bestest security software EVAR that wouldn't have even prevented this): "We're blaming IE 100% even though we don't really know exactly what happened."
Not much anyone could have done though in any case, if they were using a previously unknown exploit.
Another example of the security of closed-source applications.Reply
These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place
Wow so the user opened up the file, anti-virus didn't pick up the mal-ware..........and it's IE's fault?
twuCheap advertisement.It must be because no microsoft product would ever be defective or insecure... ever... not in a million years.Reply
The user was coaxed into clicking a link or executing a file.Reply
Since when is stupidity an IE exploit?
Cos no Linux user has ever clicked an unknown executable they shouldn't...ever...not in a million years
The best computer/OS is only as smart as it's user...Reply
"Since when is stupidity an IE exploit?
Cos no Linux user has ever clicked an unknown executable they shouldn't...ever...not in a million years"
These were high value target with access to confidential IP, ive got a feeling they are not going to be just clicking on any old link/file, on the other hand should the e-mail genuinely appear to be and signed as from HR chances are your going click that link especially if it says your not going get paid, don't fool yourself this was a concerted and sophisticated attack probably using advance reconnaissance to identify high value targets as well as procuring samples of official communication to counterfeit, which the exploited used to make appear to come from Google internally
even linux users need to get paid too....