Code Used To Attack Google Now Public

itwbennett writes "The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."

"Aurora" IE Exploit Used Against Google in Action

[Proudrooster]

http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/ [praetorianprefect.com]

Yawn, another unpatched MS browser exploit.

I hear there are several more for sale...

Video of the Exploit in Action

[danielkennedy74]

The following links to an example of using this vulnerability in Metasploit to compromise a user's PC, in essence what happened to users at Google and some 30 other companies via bad actors assumed to be Chinese Nationals: http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/ [praetorianprefect.com]

Re:This is shocking!

[eihab]

Anyone else smell the BS from this post?

What BS Mr. AC? Name something.

About me refusing freelance work that doesn't live to my standards? Guess what, it's "extra", and if my main job takes care of everything and then some, then I get to be VERY freaking picky about what I do with time I can spend doing what _I_ want.

Or did the $x,000 freak you out? Do you even work? What's your hourly rate?

Bah, I know better than to respond to ACs, but this was just infuriating.

Re:This is shocking!

[Anonymous Coward]

Even more shocking to me, after last December's SAP system *upgrade*, our company's customer relation software only works on IE6, IT officially announced that IE7 and later are not supported. We are asked to downgrade out browser to IE6.

We are a big tech company in the US.

Re:Sorta like irony. Sorta.

[LordThyGod]

Not at all. This is the MS legacy: install XP, then install Firefox (Chrome, Safari, whatever). But you can't uninstall IE, and if you never use it, its sitting there at 6. And the exploit does not require actively opening the browser, just that its installed. One more reason to run away from anything from MS. How MS got away with claiming that the browser is so integral to the OS that it can't be uninstalled, is one of the great mysteries of the universe.

Re:This is shocking!

[eihab]

For people who *never* use IE, that's the version we're going to have installed.

Wrong. IE7 and IE8 have both been pushed via windows update servers and if you have automatic updates on, you will be running IE8 right about now.

If you work in a company with more than 3 employees (or have competent IT) you will probably be using WSUS or any other patch management software. Your IT department would have been offered to upgrade all the machines to IE8 around mid last year, and IE7 (as a critical update IIRC) even longer before that.

Basically, the only way for you to be running IE6 is if you couldn't be bothered upgrading your machines or if you're doing it on purpose because of a legacy app.

What was shocking to me is that Google would do either one of those.

IE can't be uninstalled, and no-one updates a browser they don't use.

If you're stupid enough to refuse upgrading a major component of your system just because you don't think you're using it, well, then you deserve what you get.