IE Flaw used by Hackers to Attack Google, Adobe, says McAfee
An Internet Explorer (IE) vulnerability was used by hackers to get past the defenses of Adobe, Google, and about 32 other companies, says security firm McAfee. Until now, the IE flaw had been unknown to security researchers, while the attack had initially been blamed on an Adobe PDF (Portable Document Format) vulnerability.
According to McAfee, hackers used a variety of tactics, including spear-phishing (email spoofing with a specific target in mind), to unleash an incredibly effective "cocktail of zero-day vulnerabilities," that exploited flaws in company systems and left backdoor loopholes for executing future breaches installed on affected computers.
IE, not Adobe, to Blame for Breaches
McAfee says the attack's success had little to do with vulnerabilities in Adobe Reader or Adobe Acrobat, but appears to have been the result of holes in Microsoft's popular web browser, Internet Explorer.
"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," McAfee CTO George Kurtz noted in a blog post yesterday. "Our investigation has shown that Internet explorer is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7."
Microsoft Advisory Expected "Soon"
Microsoft has not yet admitted IE's role in the issue, but said it was "investigating these reports and will provide more information when it is available." Kurtz said he expected the software giant to administer an advisory on the matter "soon." (Souce: computerworld.com)
The original attack took place earlier this week, originating somewhere in China. At that time, many tech pundits jumped the gun in speculating that the assault was related to PDF vulnerabilities. That now appears to have been an erroneous report.
Hacker Campaign Dubbed "Aurora"
The attack targeted a slew of companies, including Google, with the early victim count pegged at about twenty. However, as researchers have investigated the issue further, it's been found that about 34 total companies were affected.
Dubbed "Aurora" in reference to the name of the attacker's filepath discovered by researchers, security experts think this is probably the official name of the campaign as created by hackers. (Source: theregister.co.uk)
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.