Attackers on U.S. firms exploited another unpatched Internet Explorer hole
McAfee has already pointed out this problem to Microsoft. As is frequently the case with IE's web problems, this one involves Microsoft's JScript computer language which is used inside of IE and the Windows desktop. JScript the name for a dialect of JavaScript unique to the web IE web browser and Windows operating system.
Note, JScript/ActiveScripting can be avoided by disabling them in Internet Explorer options. Or by simply switching from Internet Explorer to another web browser - and changing the default web browser to that new web browser.
Once computer(s) at a company are infected, a back door installed on the affected computers lets the attackers look around inside the company.
McAfee Chief Technology Officer has said that all recent versions of the Microsoft Windows operating system are vulnerable, which of course includes recently-released Windows 7.
New patches from Microsoft typically take a couple of weeks to a month and a half, once word leaks out that it is being actively exploited by cybercrooks.
Due to the flaw in Internet Explorer, it appears that computer software was stolen from about 30 companies in America's high tech Silicon Valley.
Sources reportedly hit by this attack include: industrial giant Dow Chemical, defense contractor Northrup-Grumman, MS-Windows security company Seymantec, and social web portal-maker Yahoo, Juniper Networks - and Adobe. Security experts said that Adobe's software was used as part of the exploit. However, Adobe says there is no evidence of that - that it has.
-
-
JohnnySoftware
-
Microsoft just disclosed it has an undisclosed vulnerability (exploitable flaw) in Internet Explorer - and the so-called Chinese attacks on US high tech companies in Silicon Valley utilized it. http://arstechnica.com/microsoft/news/2010/01/microsoft-warns-of-ie-security-fla...
The disclosure says that IE6, IE7, and IE8 are all vulnerable.
The disclosure reveals that Microsoft has only noticed it being exploited on IE6 so far. From the other information divulged, it sounds like it would require more work in IE7 and IE8 to exploit the vulnerability effectively.
IE6 sounds pretty dangerous. Might be a good time to upgrade to IE7 or IE8 (if that is enough), or else switch to a different web browser.
There are other web browsers available for free that work well on Windows:
http://www.mozilla.com/
http://www.apple.com/
http://www.google.com/chromeAll 3 web browsers support HTML 4 and CSS 2.1, and include much support for HTML 5 and CSS 3 which are W3 web standards drawing close to approval, though it is hard to say for sure when they will become official Technical Recommendations. (W3-speak for "standard")
Note that IE only runs on Microsoft Windows operating system. For a couple of years, it ran on Mac OS X (around 2001-2002) but then Microsoft withdrew all support for it when Apple released Safari web browser.
- 2 years ago
-
JohnnySoftware
-
-
JohnnySoftware
-
I found a FAQ at CNET called Behind the China attacks on Google (FAQ) - http://news.cnet.com/8301-27080_3-10434721-245.html?tag=mncol;mlt_related
Looks like the number of companies in Silicon Valley thought to be attacked is rising. Verisign iDefense has said companies were attacked, according to the FAQ. Intriguingly, a California law firm that specializes in cases against China says it was attacked this week, according to the FAQ. This is the firm that was in litigation over an American company's software that was allegedly incorporated into the Green Dam software required for China PCs by the Chinese government.
The FAQ says that source code was what was targeted at the Silicon Valley high tech companies and most of the attacks were successful. The FAQ also says home computer users could be targeted in the same way as the companies were.
The FAQ is longer than the article, and pretty detailed in terms of what happened. Details like the identity of the individuals responsible is not yet in there, of course.
- 2 years ago
-
JohnnySoftware
