Computer security companies are scurrying to cope with the fallout from the Internet Explorer (IE) flaw that led to cyberattacks on Google (Nasdaq: GOOG) and its corporate and individual customers.
The zero-day attack that exploited IE is part of a lethal cocktail of malware that is keeping researchers very busy.
The hack attack on Google that set off the company's ongoing standoff with China appears to have come through a zero-day flaw in Microsoft's Internet Explorer browser. Microsoft has released a security advisory, and researchers are hard at work studying the exploit. The attack appears to consist of several files, each a different piece of malware.
"We're discovering things on an up-to-the-minute basis, and we've seen about a dozen files dropped on infected PCs so far," Dmitri Alperovitch, vice president of research at McAfee Labs, told TechNewsWorld.
The attacks on Google, which appeared to originate in China, have sparked a feud between the Internet giant and the nation's government over censorship, and it could result in Google pulling away from its business dealings in the country.
Pointing to the Flaw
The vulnerability in IE is an invalid pointer reference, Microsoft (Nasdaq: MSFT) said in security advisory 979352, which it issued on Thursday. Under certain conditions, the invalid pointer can be accessed after an object is deleted, the advisory states. In specially crafted attacks, like the ones launched against Google and its customers, IE can allow remote execution of code when the flaw is exploited.
A pointer is a programming language data type whose value points, or refers, to another value stored elsewhere in the computer's memory. Pointers are also used to hold the addresses of entry points for called subroutines in procedural programming and for runtime linking to dynamic link libraries (DLLs). There are risks associated with using pointers because they allow both protected and unprotected access to memory addresses.
The attacks have been restricted to IE 6, Redmond's advisory states, although they will work on IE 7 and IE 8 as well. The impact of the vulnerability is limited by IE's Protected Mode on Windows operating systems starting with Vista. By default, IE runs in a restricted mode known as "Enhanced Security Configuration" on Windows Server 2003 and 2008. This also mitigates the threat because it sets the security level for the Internet zone to high, according to Microsoft.
This attack can only be launched if victims go to infected Web sites. "An attacker would have no way to force users to visit these Web sites," the advisory reads. The hackers use trickery, typically by getting victims to click on a link in an e-mail or instant messaging message that takes them to the infected site.
Once a victim visits an infected Web site, the site downloads a fake JPEG image through the IE flaw. That file is then decoded and run to download other malware files, McAfee's Alperovitch said. The creator of the link is still not known.
The Aurora Assault
The exploit can easily be tweaked to work with every version of the browser, McAfee's Alperovitch pointed out. It consists of several files, each a different piece of malware. "The files have different capabilities, and we're still conducting a comprehensive analysis," Alperovitch said. "It's possible there are other exploits that we haven't discovered yet in this cocktail."
Security vendors are pulling out all the stops to combat this attack. "We've got people working around the world 24 by seven on this thing, and have sent people out to several companies that were attacked to find out what happened," Alperovitch said. Symantec (Nasdaq: SYMC) and Juniper Networks are also investigating the attacks.
McAfee's Security Insider Blog calls the attack "Aurora," after the filepath on the attacker's machine that was included in two of the malware binaries associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the developer's PC.
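The kind of check an analyst can run to surface such a compiler-inserted path is sketched below as an added example, not code from McAfee or from the original article. It scans a binary for CodeView "RSDS" debug records; the sample bytes, GUID and path are constructed placeholders, and restricting paths to printable ASCII is a simplifying assumption.

```python
import struct
import uuid
from pathlib import PureWindowsPath

RSDS = b"RSDS"    # signature of a CodeView PDB 7.0 debug record
MAX_PATH = 260    # assumption: reject anything longer than a Windows MAX_PATH

def find_pdb_paths(blob: bytes):
    """Return (offset, guid, age, path) for every plausible RSDS record."""
    hits = []
    pos = blob.find(RSDS)
    while pos != -1:
        # Layout: "RSDS" | 16-byte GUID | uint32 age | NUL-terminated path
        start = pos + 24
        end = blob.find(b"\x00", start)
        raw = blob[start:end] if end != -1 else b""
        # Reject chance matches: path must be short, printable and end in .pdb
        if (0 < len(raw) <= MAX_PATH
                and all(0x20 <= c < 0x7F for c in raw)
                and raw.lower().endswith(b".pdb")):
            guid = uuid.UUID(bytes_le=blob[pos + 4:pos + 20])
            (age,) = struct.unpack_from("<I", blob, pos + 20)
            hits.append((pos, str(guid), age, raw.decode("ascii")))
        pos = blob.find(RSDS, pos + 1)
    return hits

def directory_names(pdb_path: str):
    """Folder names between the drive and the file: hints about the build tree."""
    return list(PureWindowsPath(pdb_path).parts[1:-1])

# Constructed sample, not taken from any real binary.
SAMPLE_PATH = rb"C:\build\ExampleProject\Release\sample.pdb"
SAMPLE_GUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
SAMPLE = (
    b"MZ" + b"\x90" * 30
    + b"RSDS-not-a-record\x00" + b"\x00" * 7   # decoy: signature without a record
    + RSDS + SAMPLE_GUID.bytes_le + struct.pack("<I", 2) + SAMPLE_PATH + b"\x00"
)

if __name__ == "__main__":
    for offset, guid, age, path in find_pdb_paths(SAMPLE):
        print(f"0x{offset:x} {guid} age={age} {path} -> {directory_names(path)}")
```

The record is only present when a binary was linked with debug information, and it can be stripped or forged, so a recovered path is a lead for clustering samples rather than proof of origin.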
Why were the attacks focused on Internet Explorer 6, which was launched back in 2001? Why is it that the more than 30 large enterprises which were apparently victims of the malware had not upgraded to later versions of the browser, when they have the sophistication and technical resources to do so? "A lot of the companies that are victims are very large multinational corporations and have a lot of people, so upgrading takes a long time," Alperovitch explained.
In any event, it would have been impossible to stop the attack, Michael Sutton, vice president of security research at ZScaler, told TechNewsWorld. "This is a zero-day exploit, so nobody was aware of this and they couldn't filter it out," he explained. "A targeted attack using a zero-day vulnerability is very difficult to protect against."
A zero-day attack is one targeted at application vulnerabilities that are not widely known to the security industry, or even to the software developer.
The Manly Art of Computer Self-Defense
Protection against the attack was made more difficult because the malware authors were apparently expert coders. "The attack was obfuscated, and, aside from a bunch of binary characters that were in JavaScript, there's very little JavaScript code that would be seen on the network by an intrusion detection system or antivirus or antispam software," Michael Geide, senior security researcher at Zscaler, told TechNewsWorld. Most of the JavaScript was encrypted or encoded and would be decoded by the "small snippet" of JavaScript visible on the network, he explained.
Many antimalware packages either automatically block JavaScript or require users to approve running it on their computers. Obfuscated code is code that has been made difficult to read; malware authors obfuscate their code to make it difficult to detect.
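The shape described above, a small visible decoder wrapped around a large encoded body, can be scored structurally even when no signature matches. The following is an added example, not from the original article or from any vendor's product; the thresholds, the list of decoder names and both sample scripts are assumptions constructed for illustration.

```python
import re

# Simplified lexer: quoted strings only (no template literals, comments or regexes).
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}|\\u[0-9a-fA-F]{4}|\\x[0-9a-fA-F]{2}|%[0-9a-fA-F]{2}")
DECODERS = re.compile(r"\b(?:eval|unescape|fromCharCode|atob|decodeURIComponent)\b")

def script_profile(js: str) -> dict:
    """Measure how much of a script is opaque data versus readable code."""
    literals = [m.group(0)[1:-1] for m in STRING_LITERAL.finditer(js)]
    literal_chars = sum(len(s) for s in literals)
    escaped_chars = sum(len(m.group(0)) for s in literals for m in ESCAPE.finditer(s))
    return {
        "length": len(js),
        "literal_ratio": literal_chars / max(len(js), 1),
        "escaped_ratio": escaped_chars / max(literal_chars, 1),
        "longest_literal": max((len(s) for s in literals), default=0),
        "decoder_calls": len(DECODERS.findall(js)),
    }

def looks_packed(js: str, min_literal: int = 200, min_ratio: float = 0.6) -> bool:
    """Flag scripts that are mostly one big literal fed to a decode primitive."""
    p = script_profile(js)
    return (p["decoder_calls"] > 0
            and p["longest_literal"] >= min_literal
            and p["literal_ratio"] >= min_ratio)

# Constructed samples. The packed one decodes to nothing but a comment.
INERT = b"/* constructed inert payload */ " * 10
PACKED = 'var p="' + "".join("%%%02x" % b for b in INERT) + '";eval(unescape(p));'
BENIGN = '''function greet(name) {
  var msg = "Hello, " + name + "!";
  document.getElementById("out").textContent = msg;
}
greet("world");
'''

if __name__ == "__main__":
    for name, js in (("packed", PACKED), ("benign", BENIGN)):
        print(name, looks_packed(js), script_profile(js))
```

Requiring a decode primitive alongside the large literal keeps scripts that merely embed long text from being flagged, but legitimate packers and minifiers will still trip it, so the result is a triage signal for further inspection.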
Although the attacks hit Google corporate and individual customers, the Internet giant is not to blame, Sutton said. "Gmail didn't really play any role in letting the attack occur; this was an Internet Explorer attack that was a combination of exploiting the email and good social engineering."
Is there any way to protect against zero-day attacks? Yes, Sutton said. Instead of just relying on antivirus or antimalware software, get defense in depth. This means using several different applications to provide layers of defense.
"With multiple layers of protection, an attack might get past one layer, but other applications can see the results, such as binaries being downloaded or callouts to suspicious hosts, and meanwhile you're monitoring your logs for suspicious activity," Sutton explained. "If something gets past one layer, it will be detected by another."
(from internet)