VIA Root
VIARoot Security News Security alerts Business IT security Services Security Tools About VIARoot
Google hack exploit code is loose
Search
Vulnerabilities Alerts
Windows Zero-Day Exploit Uses Shortcuts And USB Drives
 Windows
Hugo Jean, Heptacube Inc.
2010-07-16 15:42:51
The malware spreads through removable drives even if AutoPlay is disabled, installs rootkit on the computer.
Phishing On 15 US Banks Spreads With The Zeus Trojan
 phishing
Hugo Jean, Heptacube Inc.
2010-07-14 12:26:24
False 'Verified by Visa' and 'MasterCard SecureCode' pages harvest customers' personal data.
IT Directory
Wiseleap Solutions Inc.
Founded in 2005, Wiseleap Solutions Inc.'s mission consists in providing companies with the information necessary to make cri [...]
IT Ration Consulting Inc.
IT-Ration Consulting inc has been a NetSuite Partner since 2005 and helps your enterprise grow by aligning your Information T [...]
HumanWare
Empowering People Focused on enhancing the lives of people with visual and learning disabilities, HumanWare provide [...]
By Hugo Jean, Heptacube Inc.
 IElogo
2010-01-18 10:29:48

The exploit code at the origin of the attacks against Google, Adobe and others has been made public.
Security firm McAfee, which has discovered last week that the December attacks had been perpetrated using a previously unknown vulnerability in Microsoft Internet Explorer, confirmed on Friday that the malicious exploit code had appeared on at least one Web site. In a blog post, McAfee's CTO George Kurtz acknowledged that "the public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability."

Although the malicious code--dubbed "Aurora"--is a serious threat, it can only affect computers running Internet Explorer 6 on Windows XP for the moment. Details are available in Microsoft's advisory. Nevertheless, there could be ways to use the code to attack different platforms, so people take the matter very seriously. The German government has asked its citizens to stop using Internet Explorer completely.

It has also been confirmed that the penetration testing program Metasploit has been updated to include Aurora. Even though the software is aimed at researchers and penetration testers, its open source nature makes it available to anyone. It could therefore easily be used by hackers to attack vulnerable computers since no patch has been released yet by Microsoft.

Since it may only be a matter of time before people find a way to use the code for targeting other versions of Windows and Internet Explorer, it is advised that users take all the necessary precautions described in Microsoft's advisory.

Reference 1: http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222301235

Reference 2: http://siblog.mcafee.com/cto/“aurora”-exploit-in-google-attack-now-public/

Reference 3: http://www.h-online.com/security/news/item/Warning-over-using-Internet-Explorer-from-German-Government-as-exploit-goes-public-906173.html
Tags
Adobe China Google hack IE6 InternetExplorer McAfee Metasploit Microsoft 
Comments
Comment this post


No comment on this post.

© 2006-2010 Heptacube Inc.