Targeted attacks on businesses continue
The Internet Explorer vulnerability used for the attacks on Google may be the talk of the town right now, but danger also looms from other directions, in the form of specially crafted PDF files. Although Adobe released an update for its free Reader last week, criminals and spies are continuing to take advantage of the fact that not all users and companies have installed the updates.
F-Secure is reporting an attack on a US company that performs contract work for the US Department of Defence. Last week attackers, believed to be operating from Taiwan, sent the company a deceptively genuine-looking PDF document that exploits a known vulnerability in Adobe Reader's Doc.media.newPlayer JavaScript method (CVE-2009-4324) to install a back door on a Windows PC. The update Adobe released last week fixes precisely this vulnerability, so the document only succeeds against installations that have not yet been patched.
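The check a defender would want at this point is a way to triage incoming PDFs for the newPlayer call before they reach an unpatched Reader. The script below is an added example written for this page, not F-Secure's, Adobe's or any vendor's code: it looks for embedded JavaScript that calls newPlayer, inflating FlateDecode streams so that compressed script bodies are inspected as well. The sample PDFs it builds are constructed, harmless stand-ins for this demonstration and are not the attack document; the object layout, the script text and the function names are all assumptions made here.

```python
import re
import zlib

# Match a stream body up to its endstream keyword. The trailing EOL is left
# in the body on purpose: zlib treats it as trailing garbage, which avoids
# guessing whether the file uses \n or \r\n before "endstream". A production
# scanner should honour the /Length entry or use a real PDF parser.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)
# Any dictionary entry that introduces JavaScript (/JavaScript action or /JS code).
JS_RE = re.compile(rb"/(JavaScript|JS)\b")
# The Doc.media.newPlayer call abused by the document F-Secure describes.
# Matches this.media.newPlayer(, m.newPlayer( and similar spellings.
NEWPLAYER_RE = re.compile(rb"\bnewPlayer\s*\(", re.IGNORECASE)


def inflate(body: bytes):
    """Return the inflated stream if body is a complete zlib stream, else None."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(body)
    except zlib.error:
        return None          # not FlateDecode, or corrupt
    return out if d.eof else None


def scan_pdf(pdf: bytes) -> dict:
    """Report JavaScript presence, a newPlayer call, and how many streams inflated."""
    regions = [pdf]          # the raw file covers uncompressed script bodies
    for m in STREAM_RE.finditer(pdf):
        inflated = inflate(m.group(1))
        if inflated is not None:
            regions.append(inflated)
    return {
        "has_javascript": bool(JS_RE.search(pdf)),
        "newplayer_call": any(NEWPLAYER_RE.search(r) for r in regions),
        "inflated_streams": len(regions) - 1,
    }


def build_sample_pdf(compress_js: bool) -> bytes:
    """Constructed stand-in: a minimal PDF whose OpenAction runs JavaScript that
    calls Doc.media.newPlayer. It is harmless and only exercises the scanner."""
    js = b"this.media.newPlayer(null); app.alert('demo');"
    if compress_js:
        body = zlib.compress(js)
        stream = b"<< /Length %d /Filter /FlateDecode >>\nstream\n%s\nendstream" % (len(body), body)
    else:
        stream = b"<< /Length %d >>\nstream\n%s\nendstream" % (len(js), js)
    return (b"%PDF-1.6\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n" + stream + b"\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for name, sample in (("plain", build_sample_pdf(False)),
                         ("flate", build_sample_pdf(True))):
        print(name, scan_pdf(sample))
```

A hit is an indicator for closer inspection rather than proof of an exploit: newPlayer is a legitimate Reader API, and conversely the pattern match is easily defeated by string splitting, eval of assembled code, other stream filters (ASCIIHexDecode, filter chains) or object streams. Use it as a triage step beside the vendor signatures and, above all, the Adobe update.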
However, there is still no update available for the Internet Explorer vulnerability. Following the advice from the German Federal Office for Information Security (BSI), the French CERT (CERTA) and the Australian CERT are now also warning against using Microsoft's browser and recommending alternative products. An exploit for the vulnerability is now circulating openly. The underlying bug (CVE-2010-0249) is a memory-corruption flaw in Microsoft's mshtml.dll HTML viewer library that is triggered when specific JavaScript event objects are processed, which lets a malicious web page run code with the privileges of the browser user.
Some German companies have already reacted by banning staff from browsing with Internet Explorer. Although Microsoft has published workarounds, such as enabling Data Execution Prevention (DEP) and disabling Active Scripting, the average user is likely to have trouble following the required steps, assuming they are even aware of the problem. The workarounds also come with trade-offs: DEP makes the circulating exploit harder to use but is not a fix for the bug, and disabling Active Scripting blocks the attack at the price of breaking many legitimate sites. There have not yet been any reports of generally accessible websites exploiting the vulnerability.
Google is meanwhile investigating whether staff from its Chinese operation may have been involved in the attacks. The company is reported to be analysing the networks at its Chinese subsidiary for traces of the backdoor trojan used in the attacks. McAfee, which published the first analysis of the Aurora attacks, has named the malware involved Exploit-Comele and Roarur.dr and released signatures for both. Other anti-virus vendors, each assigning its own names to the malware, have also released signatures that detect this exploit.
See also:
- US to protest against Chinese hacker attacks, a report from The H.
- Warning over using Internet Explorer from German Government as exploit goes public, a report from The H.
- Security update released for Adobe Reader and Acrobat, a report from The H.
- Google considers closing its Chinese operation, a report from The H.
- US report: China is expanding its corporate cyber espionage, a report from The H.
- Infiltrated Chinese software spies on Tibetan government in exile's computers, a report from The H.
- F-Secure advises against using Adobe Reader, a report from The H.
(crve)