Google’s announcement that it is pulling out of China over continued hacker attacks has highlighted problems in Internet Explorer. Wired has an article in which Dmitri Alperovitch says of the Google attacks: “We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack.”
McAfee’s CTO blog breaks it down further and gives the name Operation Aurora to the attack. Technical details on “Operation Aurora” exploit and payload are on McAfee Labs Blog. McAfee will be hosting a webinar on Thursday to discuss the exploit and attack. Meantime, for those of us who like to play with Aurora, HD Moore recreated the exploit for Metasploit.
One concern that I have is script kiddies downloading and running the exploit across anything they can get their hands on, particularly in light of the press.
I wager many of you (like me) have to use Internet Explorer for business purposes. So please note that the current “Aurora” public exploits do not work if you are running IE8 with DEP enabled. If you are running older versions of IE, you might consider upgrading while Microsoft prepares the patch.
There is rumor that the exploit could be modified to bypass DEP. Such a modified exploit is currently not publically available. It will take some time before a modified exploit to be developed, which should give Microsoft time to patch.