

The Aurora IE Exploit That Penetrated Google in Action - Prefect
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/

======
tptacek
This is basically just a video version of this:

<http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exploit.html>

posted earlier as:

<http://news.ycombinator.com/item?id=1055986>

which already has some discussion. If you're interested in how the
vulnerability actually works, there's a Haml reduction of what may be the core
cause (a DOM object lifecycle bug) posted on that thread.

I'm also not sure it's been established that this code is what got the
attackers into Google, although it appears to have gotten them Adobe.

~~~
Sejanus
You mean like it basically says right in the beginning of the post? ;)

"Earlier today this entry from yesterday at Wepawet (an online analysis engine
for malware) was pointed out to H.D. Moore, and within hours Metasploit has an
exploit of the vulnerability integrated. McAfee has confirmed that the exploit
is out and the same one they saw during the investigation" Source:
<http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/>

On your second item, here's what McAfee has stated:

"Computer code that exploits the yet-to-be-patched Internet Explorer
vulnerability used in Operation Aurora to attack Google and others in December
has now been published on the Internet." Source:
<http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-attack-now-public/>

