Welcome to duststar theory
- random, casual, stray thoughts -
"Only a life lived for others is a life worth while." - Albert Einstein
Chinese attack on Google, and IE 0-day is out.
Author: duststar
In case you were not aware, Google got hacked in what seems to be another series of “targeted attacks” by the Chinese.
Bojan Zdrnja from ISC wrote that “It appears that the initial attack vector on Google (and 20+ other companies!) was probably a malicious PDF document. Judging by attack dates posted by Google (middle of December), it was maybe even the very latest vulnerability”.
George Kurtz, CTO of McAfee, wrote that “McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday.” He went on: “In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer. We informed Microsoft about this vulnerability and Microsoft is expected to publish an advisory on the matter soon.”
My personal thoughts on this hacking spree:
1. It seems to be using a combination of “social engineering” attacks with “0-day” payloads. And I would not be surprised if a rootkit was used.
2. How can individuals protect themselves? Always patch your OS and applications, use a limited-rights account, configure your firewall to limit outbound access, and use an anti-virus that relies not only on signatures to detect malware but on behavioral and heuristic detection as well. It was all described previously in this post.
3. If you wish to do more, for the more technical individuals:
- Do you see IE/Firefox running in your process list but no “windows” in the foreground? A trojan horse is probably using it to bypass your personal desktop firewall, since you would have allowed these web browsers to access the Internet.
- Monitor your network connections. Look out for connections that are frequent and periodic to a single address. It might be the trojan horse’s communication channel.
4. It is a good time for corporations to take another look at their cyber security defensive strategies.
.duststar
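One way to apply the advice above on frequent, periodic connections to a single address, as an added example that is not part of the original post: the sketch groups connection records by process and remote endpoint and flags those whose gaps between connections are nearly constant. The log format, the sample records (constructed, using documentation address ranges) and the thresholds `min_events` and `max_cv` are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample, one line per observed outbound connection:
# "<epoch seconds> <process> <remote address:port>"
SAMPLE_LOG = """\
1263540000 iexplore.exe 203.0.113.7:443
1263540031 firefox.exe 198.51.100.20:80
1263540040 firefox.exe 198.51.100.20:80
1263540052 firefox.exe 198.51.100.20:80
1263540100 firefox.exe 192.0.2.55:80
1263540301 iexplore.exe 203.0.113.7:443
1263540400 firefox.exe 192.0.2.55:80
1263540599 iexplore.exe 203.0.113.7:443
1263540700 firefox.exe 198.51.100.20:80
1263540900 iexplore.exe 203.0.113.7:443
1263541202 iexplore.exe 203.0.113.7:443
1263541500 iexplore.exe 203.0.113.7:443
1263541900 firefox.exe 198.51.100.20:80
"""

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return (process, remote, mean_gap_s, cv) for periodic connections."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        seen[(parts[1], parts[2])].append(int(parts[0]))
    hits = []
    for (proc, remote), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all in the same second: a burst, not a timed check-in
        cv = pstdev(gaps) / avg  # coefficient of variation; near 0 = regular
        if cv <= max_cv:
            hits.append((proc, remote, round(avg), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])

if __name__ == "__main__":
    for proc, remote, gap, cv in find_beacons(SAMPLE_LOG):
        print(f"{proc} -> {remote}: every ~{gap}s (cv={cv})")
```

The `min_events` floor matters because two connections always look perfectly regular; ordinary browsing to one site produces widely varying gaps and is not flagged.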
January 15, 2010 - Cyber Security