CODE NAME AURORA
The Logistics of the Attack
McAffee begins by stating that it discovered a previously unknown vulnerability in Internet ExplorerInternet ExplorerInternet Explorer that was exploited by the malware used in the attack. Microsoft has been informed of the exploit and responded, saying its developing an update to counter the vulnerability.
Here’s McAffee’s explanation of the vulnerability:
“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.
Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”
The attack targeted a few key individuals to install malware and rip open a hole through security via Internet Explorer. McAffee made sure to note that the IE flaw was just one way the hackers infiltrated the networks of GoogleGoogleGoogle and 20+ other companies.
As for why McAffee believes that the attackers called the operation “Aurora,” here’s their explanation as well:
“Based on our analysis, ‘Aurora’ was part of the filepath on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer.”
McAffee begins by stating that it discovered a previously unknown vulnerability in Internet ExplorerInternet ExplorerInternet Explorer that was exploited by the malware used in the attack. Microsoft has been informed of the exploit and responded, saying its developing an update to counter the vulnerability.
Here’s McAffee’s explanation of the vulnerability:
“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.
Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”
The attack targeted a few key individuals to install malware and rip open a hole through security via Internet Explorer. McAffee made sure to note that the IE flaw was just one way the hackers infiltrated the networks of GoogleGoogleGoogle and 20+ other companies.
As for why McAffee believes that the attackers called the operation “Aurora,” here’s their explanation as well:
“Based on our analysis, ‘Aurora’ was part of the filepath on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer.”
Comments
Damn those people!!!Post Comment
Please Login to Post a Comment.
Ratings
Rating is available to Members only.
Please login or register to vote.
Please login or register to vote.
| Awesome! |  |
100% | [1 Vote] |
| Very Good | |
0% | [No Votes] |
| Good | |
0% | [No Votes] |
| Average | |
0% | [No Votes] |
| Poor | |
0% | [No Votes] |