FireEye claims protection against Internet Explorer zero-day attack

18 January 2010

Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches.

FireEye, which said the same thing about Adobe's most recent PDF vulnerability last month, argued today that its FireEye Analysis and Control (FACT) engine provides pre-emptive support to customers against current zero-day exploits for the Internet Explorer flaw, which were used to target Google and other companies in December.

The company worked with customers to see if their networks had been targeted by the attacks, it said. "In several cases, it was confirmed that 'Operation Aurora' had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks," it added.

"Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers providing the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files, processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security," FireEye reported.

Marc Maiffret, chief security architect at FireEye, warned that the hackers behind Aurora used techniques including code obfuscation to try to cover their tracks.

FireEye was instrumental in bringing down the Mega-D botnet in November, working with registrars and ISPs around the world to choke off the command and control points for its infrastructure.
