Wednesday, January 20, 2010

Google Hack Attack Was Ultra Sophisticated, New Details Show

· Although the initial attack occurred when company employees visited a malicious website, researchers are still trying to determine if this occurred through a URL sent to employees by e-mail, instant messaging or through some other method, such as Facebook or other social networking sites.

· Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system.

· “The initial piece of code was shell code encrypted three times and that activated the exploit. Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”

· One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network to search for login credentials, intellectual property and whatever else they were seeking.

· Although security firm iDefense told Threat Level on Tuesday that the Trojan used in some of the attacks was the Trojan.Hydraq, Alperovitch says the malware he examined was not previously known by any anti-virus vendors.

· iDefense also said that a vulnerability in Adobe’s Reader and Acrobat applications was used to gain access to some of the 34 breached companies. The hackers sent e-mail to targets that carried malicious PDF attachments.
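
A defender-side check for the SSL-masquerading channel described above, as an added example that is not from the original article. It assumes (the article does not say) that the impostor traffic does not open with a well-formed TLS ClientHello, and flags port-443 flows whose first bytes fail that test; the function names and sample flows are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length allowed by RFC 5246

def check_first_record(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP/443 flow.

    Returns "ok" for a plausible SSL 3.0/TLS ClientHello record, otherwise a
    short reason string for an alert. SSLv2-compatible hellos are not handled.
    """
    if len(payload) < 9:
        return "too short for record and handshake headers"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != HANDSHAKE:
        return f"first record type 0x{ctype:02x} is not handshake"
    if major != 3 or minor > 4:
        return f"implausible record version {major}.{minor}"
    if rec_len == 0 or rec_len > MAX_RECORD_LEN:
        return f"record length {rec_len} out of range"
    if payload[5] != CLIENT_HELLO:
        return f"handshake type 0x{payload[5]:02x} is not ClientHello"
    hs_len = int.from_bytes(payload[6:9], "big")
    if hs_len + 4 > rec_len:
        # Fragmented hellos are legal but rare; surface them for review.
        return "ClientHello length exceeds record length"
    return "ok"

def build_sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.0 ClientHello (all-zero random, one suite)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed flows; the opaque bytes are arbitrary, not captured from any malware.
SAMPLE_FLOWS = {
    "10.0.0.5:49152->203.0.113.7:443": build_sample_client_hello(),
    "10.0.0.9:49377->203.0.113.8:443": b"\x8a\x1f\x44\xc0\x07\x5e\x92\x3b\xd1\x66",
    "10.0.0.9:49378->203.0.113.8:443": b"\x16\x07\x07\x00\x10" + bytes(16),
}

def triage(flows: dict) -> dict:
    """Return only the flows whose first record does not look like TLS."""
    results = {name: check_first_record(data) for name, data in flows.items()}
    return {name: reason for name, reason in results.items() if reason != "ok"}

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_FLOWS).items():
        print(f"ALERT {name}: {reason}")
```

A channel that performs a genuine handshake and then diverges would pass this first-record check, so it complements rather than replaces certificate and destination reputation checks.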

Aurora and Botnets

McAfee Worldwide Chief Technology Officer, George Kurtz, McAfee Senior Vice President, Stuart McClure, and McAfee Senior Director, Greg Brown, will team up to share everything you need to know about two white-hot security topics: Botnets and Aurora, the day-0 vulnerability that impacted Google and several other companies last week. Jan 21st at 2 pm EST: https://www1.gotomeeting.com/register/541112360

