You have probably heard news reports about Google's China problems. The security folks at McAfee have been analyzing the security issues involved in that situation and have provided some interesting information. Here is some of what McAfee says they have discovered about the China hack.
____________________
As with most targeted attacks, the intruders gained access to their corporate targets by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they came from a trusted source, leading the target to fall for the trap and click a link. That’s when the exploitation takes place, using a vulnerability in Microsoft’s Internet Explorer browser that lets the malware run without further approval.
Once the malware is downloaded and installed, it opens electronic back door access on the computer and allows the attacker to perform reconnaissance and gain control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data.
Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7. Still, so far the attacks we’ve seen using this vector have been focused on Internet Explorer 6. Microsoft has been working with us on this matter and we thank them for their collaboration.
While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time. That said, contrary to some reports our findings to date have not shown a vulnerability in Adobe Reader being a factor in these attacks.
____________________
This vulnerability at the corporate level means that individuals are probably even more vulnerable to this tactic. Small-time thieves may duplicate parts of the process in order to gain access to individual computers and any data they contain that has value to the hackers.
What can we do to avoid being a victim? While nothing is guaranteed to protect us, we can stack the odds in our favor.
- First and foremost, take security of your computer seriously and personally. Protect your computer with a full Internet security software package, and learn to use it correctly.
- Second, don't click on a link at a web site or in an email just because you can. This is how many security-related problems are initiated.
- Update your Internet browser to the latest release. All of the newest browsers are better than any of the older browsers.
- Install updates that keep your computer and Internet security software current.
- Read security-related news stories to stay on top of what's happening. This may help you spot something if it's tried on you.
- Encourage friends/others to take Internet security seriously. That lessens the likelihood they will be the source of infecting your system.