Google, Citing Attack, Threatens to Exit China [FIXED :) ]

[Hermite15]

yeah I don't quite like Microsoft attitude in this story...

[Hermite15]

Exploit code for potent IE zero-day bug goes wild

http://www.theregister.co.uk/2010/01/15/ie_zero_day_exploit_goes_wild/

Updated Exploit code targeting the Internet Explorer vulnerability used against Google and other companies has gone public, increasing the chances that broader attacks will soon follow...........................
...............................
Microsoft hasn't said when it expects to fix the bug. Its next regular update release is scheduled for February 9. Speculation is growing that the company will issue an out-of-band patch.

[Hermite15]

hey, when I was talking about a possible isolated employee running IE6...

Google Attackers May Have Had Inside Assistance

http://www.dailytech.com/Google+Attackers+May+Have+Had+Inside+Assistance/article17432.htm
http://www.reuters.com/article/idUSTRE60H1J620100118

The attackers used a trojan that was a modified version of Hydraq. Security analysts say the sophistication of the attacks wasn't in the method of attack used, but that the attackers knew exactly what people inside Google to target with the attacks.

A Google spokesperson said, "We're not commenting on rumor and speculation. This is an ongoing investigation, and we simply cannot comment on the details."

[polonus]

Hi Logos,

Windows Shared Source Iniative
Saillant detail in the whole Google-China affair is
dat Microsoft shared Windows source-code with the Chinese government 6 years ago
, in which IE comes integrated
http://www.microsoft.com/presspass/press/2003/feb03/02-28GSPChinaPR.mspx
This happened within the Microsofts Government Security Program framework,
where Microsoft shares source-code of MS software.
This to stop the proliferation of Linux.
http://www.eweek.com/c/a/Security/Microsoft-Launches-Government-Security-Program/
Next to China also the U.K.,Finland, Austria, Italy, Spain, Turkey Russia and NATO participate,

polonus

[Hermite15]

Hi Polonus,

Google delays phone launch in China

http://www.marketwatch.com/story/google-delays-phone-launch-in-china-2010-01-19?dist=afterbell

same goes for the Nexus btw, read this somewhere else today, they won't release it at all in China.

[Hermite15]

@ Polonus: just after reading your post >>>>>>>>>>>

Microsoft and China Announce Government Security Program Agreement

... no need to say that I find that properly disgusting, at this very chosen moment, when Google has issues with China...

edit: it's too late to make an agreement with the French  most of the administrations have started to switch to Ubuntu here, including the cops...many months ago.

[polonus]

Hi Logos,

British government stays loyal to IE in spite of the unpatched hole, because to leave IE would give a false feeling of security as they say, and because all applications can be hacked in the end with enough effort by the attackers. The danger for the normal user is minimal, heap spray or no heap spray... People that come up with questions about IE's safety there are being forwarded to: http://www.getsafeonline.org/
There might be an out-of-band patch, but again there is nothing to worry about, also with all the usb-sticks lost - no worries whatsoever - business as usual... have faith in BlueE,

polonus

[Hermite15]

IE6 exposed as Google China malware unpicked

http://www.theregister.co.uk/2010/01/19/google_china_attack_malware_analysis/

MS to issue emergency patch for potent IE vuln

http://www.theregister.co.uk/2010/01/19/microsoft_emergency_patch/
(as already mentioned by Bob in the main  threat warning thread)

Australia warns too (after France and germany) against IE:

Internet Explorer Web Browser Security Bug Reported - SSO-AL2010-004

http://www.ssoalertservice.net.au/view/3bd184c173a3c4e4520bfbe521321216

[polonus]

Hi Logos,

Algorithm found in China hack that was only published once in a Chinese document fingerprints the Google hack to China or was used to have it point to China Mainland hacker: http://www.nytimes.com/2010/01/20/technology/20cyber.html

polonus

[Hermite15]

just for fun (IE's actually not removed completely, only the executable is) ...Windows will still store temporary internet files when required by other programs.

also see:  
http://www.bbspot.com/News/2005/01/microsoft_antispyware.html

Symantec Antivirus Research reported that virus sightings were down by 95% this morning

 

[Hermite15]

China attacks Clinton's Internet speech as 'harmful' to relations
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/22/AR2010012201090.html?hpid=moreheadlines

BEIJING -- China's Foreign Ministry sharply criticized Secretary of State Hillary Rodham Clinton's Thursday call for broad Internet freedom, saying that the United States should "cease using so-called Internet freedom to make groundless accusations against China. Ma Zhaoxu, a Foreign Ministry spokesman, said on the ministry's Web site that "the U.S. has criticized China's policies to administer the Internet and insinuated that China restricts Internet freedom. We are firmly against the words and deeds contrary to the facts and harmful to China-U.S. relations."

A Chinese newspaper also joined the criticism of Clinton, who gave her speech in the wake of Google's declaration that it would stop censoring results on its Chinese-based search engine even if that meant losing its license after a cyberattack on its computers.

The Global Times said that the U.S. "campaign for uncensored and free flow of information on an unrestricted Internet is a disguised attempt to impose its value on other cultures in the name of democracy."

I must be dreaming...but OK, let's not turn this thread into something too political  

[Hermite15]

Cyber sleuth sees China's fingerprints on 'Aurora' attacks
http://www.theregister.co.uk/2010/01/21/aurora_attack_origins/
http://www.secureworks.com/research/blog/index.php/2010/1/20/operation-aurora-clues-in-the-code/

A security researcher who reverse engineered code used to attack Google and other large companies has said he found what he believes are the fingerprints of Chinese hackers.

The telltale sign, according to Joe Stewart, director of SecureWorks' Counter Threat unit, is is an error-checking algorithm in the software that installed the Hydraq backdoor on compromised PCs. The CRC, or cyclic redundancy check, used a table of only 16 constants, a compact version of the more standard 256-value table.

you actually posted about that already  Polonus   ... a few posts above.

[polonus]

Hi Logos,

The trojan that infiltrated the Google network provided attackers with the possibilty to watch what happened on the desktop of the infected machines. From analysis by av-vendor Symantec it appears that one of the components was based on VNC (Virtual Network Computer). A program to remotely manage computers. The av vendor named the Trojan "Hydraq". When active on the OSD it will download the various components and files, a.o. VedioDriver.dll and Acelpvc.dll. Analysis proofs that the files and the communication protocol, by using specific adapted VNC code, were meant to be used with the Hydraq malware and specially written to be used with it.

A remote attacker can install a live video feed from an infested machine. Symantec also found that some parts of the malware has been written as soon as 2006. "Other parts of  Hydraq have 2009 dates. This explains, that versions of to-day were developed over time", according to Symantec's Peter Coogan. Another possibilty is that the date on the computer was wrong while the code for the source files was being. A video of the working of the Trojan:
 value="http://www.youtube.com/v/pKAlPUrFNgs&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1
src="http://www.youtube.com/v/pKAlPUrFNgs&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&hl=en_US&feature=player_embedded&fs=1"

polonus

[Hermite15]

China to US: shut up about "so-called Internet freedom"

 

http://arstechnica.com/tech-policy/news/2010/01/china-to-us-stop-accusations-on-so-called-internet-freedom.ars
a must read for whom is interested in China argumentation ROFL 

[Hermite15]

MS knew of Aurora exploit four months before Google attacks

http://www.theregister.co.uk/2010/01/22/aurora_exploit_known_months/

Microsoft first knew of the bug used in the infamous Operation Aurora IE exploits as long ago as August, four months before the vulnerability was used in exploits against Google and other hi-tech firms in December, it has emerged.

Redmond's security gnomes finally got around to patching the exploit on Thursday. Microsoft's advisory accompanying its cumulative update for IE credited Meron Sellem of Israeli firm BugSec for reporting the HTML Object Memory Corruption Vulnerability (CVE-2010-0249), the zero-day vulnerability used in the now infamous attacks.

BugSec's bulletin states that it reported the bug to the software giant on 26 August

http://www.bugsec.com/index.php?q=node/47

http://www.sophos.com/blogs/gc/g/2010/01/22/operation-aurora-microsoft-knew-internet-explorer-flaw-months/
http://www.wired.co.uk/news/archive/2010-01/22/microsoft-learned-of-ie-zero-day-flaw-last-september.aspx

interesting hey