Warning over using Internet Explorer from German Government as exploit goes public
On Friday, in a response to the security hole in several versions of Internet Explorer (IE), the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) recommended that Internet Explorer users should switch to an alternative browser until a patch for IE has been made available. At the same time the exploit, code-named "Aurora", has appeared as public code on several mailing lists. The Metasploit team have already created a module that implements the exploit in the exploit framework.
The BSI says (German language link) that while running Internet Explorer in "protected mode" and disabling the Active Scripting feature makes attacks less likely to succeed, it doesn't prevent them completely. According to earlier reports, the hole in IE versions 6, 7 and 8 was exploited for a targeted attack against Google, Adobe and numerous other US firms and is believed to have been launched by Chinese cyber spies. The hole, which has now been officially confirmed by Microsoft, allows attackers to inject and execute code on a Windows computer via specially crafted web pages. The attackers reportedly took advantage of this to inject a trojan downloader into compromised computers.
The downloader then proceeded to retrieve further modules, including a back door that gave the attackers remote access to the computer over an SSL-encrypted connection. The links to the crafted web pages must have been sent in emails to selected employees of the targeted firms. Microsoft say they are working on a patch and may even release it as an out-of-cycle "emergency patch".
- Google considers closing its Chinese operation
- Recent attacks on Google exploited previously unknown hole in IE