Security Bulletin - Aurora Internet Explorer Zero-Day Attack
Published Thursday, January 21, 2010 7:26 PM by sneedham
Aurora Internet Explorer Zero-Day Attack
As early as December 2009, emails containing links to malicious code were sent to Google, Adobe, and approximately 30 other companies. Commonly referred to as Aurora, the attack leveraged a previously unknown Internet Explorer vulnerability and the attack is ongoing. Aurora was designed to evade traditional anti-virus and Web reputation defenses to gain access to company assets and sensitive information. As of January 21, only 25% of AV vendors tracked protect against the payload according to this VT report. Websense® Security Labs™ has published important information – available below – regarding this threat.
What You Should Know
Websense provided its customers with zero day protection from this attack before it began in December. Aurora, and a growing number of similar Web-based threats, highlight the need for Websense Web, data, and email technology, which go beyond legacy security controls. Websense provides real-time protection for previously unknown threats like Aurora as they propagate over the Web and across email, targeting sensitive data stored on systems inside and outside the corporate network, helping to prevent systems from getting infected and sensitive data from being compromised. Put simply, Websense provides the most advanced security for modern threats.With Websense, customers receive:
• Real-time malware protection that goes beyond anti-virus to address previously undiscovered threats like Aurora on-the-fly, when they are first introduced.
• Advanced content security that spans Web, email and other channels to intelligently scan data coming in and out for legacy threats, exploits, script-based attacks, and data loss.
• Comprehensive protection for users at the corporate office, branch office, and who are mobile to carry security across the entire enterprise.More Information on Aurora
Timeline
The Aurora attacks are examples of what are being referred to as Advanced Persistent Threats (APT), described well by TaoSecurity in three simple points. In brief:
• Advanced means the adversary can operate in the full spectrum of computer intrusion.
• Persistent means the adversary is formally tasked to accomplish a mission.
• Threat means the adversary is not a piece of mindless code.The impact of these advanced attacks on the targeted organization can be severe and difficult to defend against. In this case, the attacks used complex exploit code delivered on websites. Vulnerable hosts were affected when they simply connected to the site. Post-infection, additional malicious code is downloaded, data is captured and the sent to remote websites.
Websense has been at the forefront of identifying and protecting our customers from zero-day exploits in the wild for several years. We expect that the number of attacks of this type will grow with time. We are now seeing other attackers use the Aurora zero-day exploit to infect vulnerable hosts. Since the code is now publicly available, we expect the next wave of attacks to come from cybercriminals whose techniques are equally sophisticated, but whose motives are somewhat different. They will most certainly be hunting for data, but it will be for monetary gain rather than information gathering.
Learn More
Websense Security Labs:
http://securitylabs.websense.com/content/Alerts/3536.aspx
http://securitylabs.websense.com/content/Blogs/3534.aspx
http://securitylabs.websense.com/content/Blogs/3530.aspx
Other Resources:
http://www.mandiant.com/services/advanced_persistent_threat/.
http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
http://www.microsoft.com/technet/security/bulletin/MS06-001.mspxFor information about how to be protected against advanced threats, visit http://www.websense.com.
For up-to-date information about Aurora, and for other breaking security information: http://www.websensesecuritylabs.com
This is a pretty bad infection out there on the net. But it goes to show that it is important, better yet, imperative that people verify links and/or avoid surfing on sites not approved by their corporate IT staff. And even though this article focuses on corporate settings, consumers should also verify with their PC security software vendor (McAfee, Symantec, AVG, Avast, Microsoft, etc) to ensure they are protected. However if you are not sure of how to get protection, or if you need help with evaluating the security of your PC and network you should definitely contact a technology and security specialist. Companies such as All-About Technology (http://www.all-about-technology.com) and BuyMoreGadgetz (http://www.buymoregadgetz.com) can assist you with evaluating and strengthening the security of your network, thus protecting your precious data.
Contact BuyMoreGadgetz TODAY:
Web: http://www.buymoregadgetz.com
Blog: http://blog.buymoregadgetz.com
Email: sales@buymoregadgetz.com
Office: 734-532-7796
Cell: 313-903-3723
Let us prepare a custom quote for you!
No comments:
Post a Comment