Aurora Internet Explorer Zero-Day Attack
As early as December 2009, emails containing links to
malicious code were sent to Google, Adobe, and approximately 30 other
companies. Commonly referred to as Aurora, the attack leveraged a
previously unknown Internet Explorer vulnerability and is
ongoing. Aurora was designed to evade traditional anti-virus and Web
reputation defenses to gain access to company assets and sensitive
information. As of January 21, only 25% of the AV vendors tracked protect
against the payload, according to this VT
report. Websense® Security Labs™ has published
important information, available below, regarding this threat.

What You Should Know
Websense provided its customers with zero day protection from this
attack before it began in December. Aurora, and a growing number of
similar Web-based threats, highlight the need for Websense Web, data,
and email technology, which go beyond legacy security controls.
Websense provides real-time protection for previously unknown threats
like Aurora as they propagate over the Web and across email, targeting
sensitive data stored on systems inside and outside the corporate
network, helping to prevent systems from getting infected and sensitive
data from being compromised. Put simply, Websense provides the most
advanced security for modern threats.
With Websense, customers receive:
• Real-time malware protection that goes beyond anti-virus to address
  previously undiscovered threats like Aurora on-the-fly, when they are
  first introduced.
• Advanced content security that spans Web, email and other channels to
  intelligently scan data coming in and out for legacy threats,
  exploits, script-based attacks, and data loss.
• Comprehensive protection for users at the corporate office, at the
  branch office, and on the move, carrying security across the entire
  enterprise.
To learn more about how Websense is protecting your
organization, visit www.websense.com.

More Information on Aurora
Timeline

The Aurora attacks are examples of what are being referred
to as Advanced Persistent Threats (APT), described well by TaoSecurity
in three simple points. In brief:
· Advanced means the adversary can operate
  in the full spectrum of computer intrusion.
· Persistent means the adversary is
  formally tasked to accomplish a mission.
· Threat means the adversary is not a
  piece of mindless code.
These advanced attacks can have a severe impact on the targeted
organization and are difficult to defend against. In this case,
the attacks used complex exploit code delivered on websites. Vulnerable
hosts were affected when they simply connected to the site.
Post-infection, additional malicious code is downloaded, and data is
captured and then sent to remote websites.
Websense has been at the forefront of identifying and
protecting our customers from zero-day exploits in the wild for several
years. We expect that the number of attacks of this type will grow with
time. We are now seeing other attackers use the Aurora zero-day exploit
to infect vulnerable hosts. Since the code is now publicly available, we
expect the next wave of attacks to come from cybercriminals whose
techniques are equally sophisticated, but whose motives are somewhat
different. They will most certainly be hunting for data, but it will be
for monetary gain rather than information gathering.
Learn More
http://securitylabs.websense.com/content/Alerts/3536.aspx
http://securitylabs.websense.com/content/Blogs/3534.aspx
http://securitylabs.websense.com/content/Blogs/3530.aspx
http://www.mandiant.com/services/advanced_persistent_threat/
http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx
For information about how to be protected against advanced
threats, visit:
http://www.websense.com
For up-to-date information about Aurora, and for other
breaking security information:
http://www.websensesecuritylabs.com