Online Computer Tips Home
Home All Tips OCT Newsletter Free Tutorials Tech News Resources

Thursday, January 14, 2010

McAfee Says Cyber-attack Details Point to IE Security Vulnerability

Security vendor McAfee is reporting that the cyber-attack that hit more than 30 businesses, including Google and Adobe Systems, involved the use of a zero-day exploit targeting Internet Explorer.

"Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system," said McAfee CTO George Kurtz. "The attacker can now identify high-value targets and start to siphon off valuable data from the company."

Talk of an IE vulnerability follows reports from other vendors that the attackers launched a spear-phishing campaign using Adobe Reader attachments. McAfee said it has not uncovered any evidence that a Reader vulnerability was exploited in the attacks.

"According to sources familiar with the present attack, attackers delivered malicious code used against Google and others using PDFs as e-mail attachments; those same sources also claim that the files have similar characteristics to those distributed during the July attacks," iDefense said.

Full Story

No comments: