FireEye claims protection against Internet Explorer zero-day attack

18 January 2010

Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches.

FireEye, which said the same thing about Adobe's most recent PDF vulnerability last month, argued today that its FireEye Analysis and Control (FACT) engine provides pre-emptive support to customers against current zero-day exploits for the Internet Explorer flaw, which were used to target Google and other companies in December.

The company worked with customers to see if their networks had been targeted by the attacks, it said. "In several cases, it was confirmed that 'Operation Aurora' had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks," it added.

"Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers providing the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files, processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security," FireEye reported.

Marc Maiffret, chief security architect at FireEye, warned that the hackers behind Aurora used techniques including code obfuscation to try to cover their tracks.

FireEye was instrumental in bringing down the Mega-D botnet in November, working with registrars and ISPs around the world to choke off the command and control points for its infrastructure.

 
