#attack code

Russian hackers infiltrated Nasdaq stock exchange – report

[cfsp key="adsense_336x280"]“In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert,” Michael Riley reports for Businessweek. “The signal was coming from Nasdaq. It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country.…

New Post has been published on http://www.therakyatpost.com/business/2014/02/16/microsoft-flaw-used-to-attack-french-aerospace-employees-us-veterans/

Microsoft flaw used to attack French aerospace employees, US veterans

SAN FRANCISCO

A flaw in recent versions of Internet Explorer was used to attack visitors to a website for US military veterans, and also appears to have been used earlier against French aerospace industry employees, researchers said.

The flaw in Microsoft Corp’s IE 10 Web browser was reported on Thursday, days after it was used inside the web page of non-profit US group Veterans of Foreign Wars. The VFW said Friday that an unspecified federal law enforcement agency is investigating and that the malicious code on its site had been removed.

Security firm Websense Inc said it found similar attack code on a page set up on Jan 20 with a web address nearly identical to one used by a French aerospace association.

That suggests the attacks using the flaw have been going on for at least three weeks, but might have succeeded earlier against higher-value targets and escaped discovery, said Websense Director of Security Research Alexander Watson.

FireEye Inc, which discovered the VFW attack, said it appeared connected to previous attacks against the Japanese financial sector, security firm Bit9 and others that Symantec Corp security researchers attributed to a large and well-organised group inChina.

The latest attacks are considered to be sophisticated as they rely on a previously unknown flaw of a sort that can cost US$50,000 (RM165,000) or more when sold by shadowy brokers to government agencies or contractors. The industry calls these flaws “zero-day vulnerabilities”.

They also seem part of a multistage operation, with the attackers seeking to break into the computers of US veterans or French defence contractors in the future. Once there, they could look for military plans or designs or passwords that would enable them to impersonate the individuals electronically. Assuming those victims’ identities in emails sent to more prominent targets would make it more likely that the recipients would click on baited links or unwitting install more spying software.

Although the initial report in the new campaign mentioned only IE 10, Microsoft said it had determined that IE 9 is also vulnerable.

“We recommend customers upgrade to Internet Explorer 11 for added protection,” said Adrienne Hall, general manager of Microsoft’s Trustworthy Computing Group.

Despite the use of the unknown flaw, Websense’s Watson said the attacks were not that hard to spot. For one thing, a programme that exploited the flaw was submitted on Jan 20 to Virus Total, a free Google Inc service that shows whether any major anti-virus provider would block the sample. In this case, none did. In addition, the programming language operated in the open, without complicated obfuscation that can deter analysis.

Watson said that was why he felt the attacks could prove to be by a new group, or even two different new groups. As an example, the exploit code might have been written elsewhere, and used with more success, then passed along to a new group with less expertise.

The French page that was imitated is GIFAS, which claims more than 300 members, including contractors making satellites, missiles and other arms, as well as helicopters, military planes and engines.

Links to the fake page might have been sent via email to industry officials.

In the VFW’s case, the hackers broke into the real Web page and inserted code shown to visitors that would lead to infection if they were using the right version of IE. FireEye said hundreds or thousands of infections occurred.

VFW spokeswoman Randi K. Law said the non-profit group was working with law enforcement and private security incident responders.