Google Hack Code Released, Metasploit Exploit Now AvailableResearchers now say there's no evidence infected PDFs were used in the targeted attacks originating from China on Google and other companies, but investigations continue
Internet Explorer exploit code used in the so-called Aurora attacks out of China against Google and other companies has been posted online -- and now the popular Metasploit hacking tool has released a working exploit of the attack, as well.
The malware, which exploited a zero-day vulnerability in Internet Explorer in targeted attacks against Google and other companies' networks, was used to go after IE 6 browsers in the massive attacks, which ultimately resulted in the theft of intellectual property from Google and other as-yet unnamed organizations. Adobe and Rackspace are among the companies so far that say they were hit by the attacks, which first came to light this past week and were allegedly conducted by hackers in China.
With the IE exploit in the wild now, it could be used by other cybercriminals to go after other organizations or users. And while Metasploit's new exploit is meant for researchers and penetration testers to gauge their vulnerability to the attack, Metasploit is still an open-source tool that can be deployed for nefarious purposes.
"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," George Kurtz, McAfee's CTO, blogged late yesterday. "This attack is especially deadly on older systems that are running XP and Internet Explorer 6."
The IE flaw discovery has prompted the German government to recommend that its citizens no longer use IE and instead run alternative browser until Microsoft comes up with a patch, according to a post on Heise Security.
Researchers working on investigating the attacks say the IE malware was just one weapon used in the attacks.
In a related development, iDefense has retracted its claims that infected PDF files were used in the attacks on Google and others. Earlier last week iDefense had said that malicious PDF file attachments sent via email to the victims were likely the attack vector.
"In iDefense's press announcement regarding the recently discovered Silicon Valley compromises, we stated that the attack vector was likely 'malicious PDF file attachments delivered via email' and suggested that vulnerability in Adobe Reader appeared to have been exploited in these attacks. Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities. There are currently no confirmed instances of vulnerability in Adobe technologies being used in these attacks. We continue to investigate this issue," iDefense said in a statement late yesterday.
iDefense's statement and revelations by McAfee about its findings led other researchers to back down from their claims of infected PDFs, as well.
Daniel Kennedy, a partner with the Praetorian Security Group, says the attack opens a backdoor into the victim's PC, which gives the attacker carte blanche to do whatever the user can do. "Once the backdoor is open to the user's PC the attacker can use it as a pivot point for other attacks against the internal network, escalate his or her privileges, take information off the PC, basically do anything the user can do," Kennedy said in blog post late yesterday.
He also posted a video simulating the attack, using the new Metasploit exploit module. You can view it
Meanwhile, the U.S. State Department reportedly may take more formal measures against China over the alleged attacks. State Department officials want answers from China, but thus far have been unsuccessful in doing so in their initial meetings with Chinese officials.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio