Slashdot Mirror

← Back to Stories (view on slashdot.org)

Code Used To Attack Google Now Public

Posted by timothy on Friday January 15, 2010 @03:46PM from the clever-scoundrels-still-scoundrels dept.

itwbennett writes "The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."

2 of 128 comments (clear)

Min score:

Reason:

Sort:

"Aurora" IE Exploit Used Against Google in Action by Proudrooster · 2010-01-15 15:58 · Score: 4, Informative

http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
Yawn, another unpatched MS browser exploit.
I hear there are several more for sale...
Video of the Exploit in Action by danielkennedy74 · 2010-01-15 16:18 · Score: 5, Informative

The following links to an example of using this vulnerability in Metasploit to compromise a user's PC, in essence what happened to users at Google and some 30 other companies via bad actors assumed to be Chinese Nationals: http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/