The code used in the recent Google hack to exploit a vulnerability in Microsoft’s Internet Explorer browser has been published on the internet, raising the possibility of more attacks.
In a blog posting, McAfee chief technology officer George Kurtz explained that researchers for the firm have seen references to the code on mailing lists and that it has been published on at least one web site.
An attacker could use the flaw to gain control over a user’s system by tricking them into visiting a rigged web page, he said.
“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability,” warned Kurtz.
“The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit. This attack is especially deadly on older systems that are running XP and Internet Explorer 6.”
Microsoft issued a security advisory on Thursday admitting that Internet Explorer could be used to allow remote code execution, and said it may release an out-of-cycle patch for the flaw.
“At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if the situation changes,” noted the security update.
The flaw has been taken very seriously by organisations across the globe, with the German government recommending its citizens use an alternative browser to IE until the vulnerability is patched.
source : http://www.itnews.com.au/News/164937,google-hack-attack-code-hits-the-web.aspx
Tuesday, February 16, 2010
Chinese hacker school Black Hawk Safety Net shut down
China Daily has reported that Chinese law enforcement officials raided a hacker training and resource operation in Hubei province with 12,000 members, shut it down and arrested three members,The authorities seized a number of web servers, five computers and a car.
The paper said: “The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.
“Hubei province named Black Hawk Safety Net as the largest hacker training site in China, which openly recruited members and disseminated hacker techniques through lessons, Trojan software and online forum communications.
“Since it was established in 2005, the site had recruited more than 12,000 VIP members and collected more than 7 million yuan ($1.03 million) in membership fees. More than 170,000 people registered for free membership.”
The story also said: “According to a report released by the National Computer Network Emergency Response Coordination Center of China, the hacker industry in China caused losses of 7.6 billion yuan ($1.1 billion) in 2009.”
China Daily story here.
New York Times story here.
source : http://www.itnews.com.au/News/166699,chinese-hacker-school-shut-down.aspx
The paper said: “The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.
“Hubei province named Black Hawk Safety Net as the largest hacker training site in China, which openly recruited members and disseminated hacker techniques through lessons, Trojan software and online forum communications.
“Since it was established in 2005, the site had recruited more than 12,000 VIP members and collected more than 7 million yuan ($1.03 million) in membership fees. More than 170,000 people registered for free membership.”
The story also said: “According to a report released by the National Computer Network Emergency Response Coordination Center of China, the hacker industry in China caused losses of 7.6 billion yuan ($1.1 billion) in 2009.”
China Daily story here.
New York Times story here.
source : http://www.itnews.com.au/News/166699,chinese-hacker-school-shut-down.aspx
Subscribe to:
Posts (Atom)