

IE was reportedly the attack vector for China's hacking into Google - mcantelon
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/?utm_source=twitterfeed&utm_medium=twitter

======
achew22
I've seen reports of the attack vector being IE and Acrobat, Flash player and
(IIRC) Windows XP. It doesn't matter what the actual product was, it only
matters that people aren't patching well-known vulnerabilities. The vector is
not a particular program; it is a lack of attention to detail when it comes to
patches.

~~~
tptacek
It doesn't matter if you patch well-known vulnerabilities if the Chinese are
using undocumented flaws in browsers to attack you. HN doesn't want to hear
this, but in the worst case IE is probably _tied_ with Firefox as the most
secure browser.

~~~
BrandonM
_but in the worst case IE is probably tied with Firefox as the most secure
browser._

The difference being that

 _Once the malware is downloaded and installed, it opens a back door that
allows the attacker to perform reconnaissance and gain complete control over
the compromised system._

is less feasible in Firefox than it is in IE. Firefox forces you to download
an executable and then manually run it, so a user would be conscious that he
or she is installing a program. It is still possible (last I knew) in IE to
install a program practically in the background, or to get broader OS control
through a browser vulnerability.

~~~
bd
_"Firefox forces you to download an executable and then manually run it, so a
user would be conscious that he or she is installing a program."_

Unfortunately not. I already encountered malware specifically targeted to
Firefox that was fully automatic.

It used some Mozilla-specific JS hooks to launch the Acrobat plugin. This in
turn loaded a tiny infected PDF that exploited some Acrobat security hole which
allowed it to directly execute code on your machine.

It was enough to visit a compromised website, no further user action required.
All was happening automatically, practically invisible to the user. I only
noticed it because the Acrobat plugin is a massive resource hog, so I managed
to kill it in time before it could execute a payload.

~~~
ars
What you wrote is not a Firefox attack, it's an Acrobat attack. You don't need
Mozilla-specific JS hooks to launch an Acrobat plugin - I don't even think
there is such a thing.

The Acrobat plugin opens automatically if you embed a PDF.

~~~
bd
I don't remember details, it happened already some time ago.

It was actually quite sophisticated malware - heavily obfuscated, assembling
itself from pieces spread all around the world, jumping through several hoops
of compromised servers.

When I finally managed to reverse engineer the JS code that carried the
infection, it was full of functions I didn't even know existed. Not usual JS,
more like API hooks to the underlying platform, with special prefixed names.
These names indicated it was about plugins.

BTW it was multiplatform, attacking not just Firefox; there was browser
detection and browser-specific code paths for several popular browsers. I
remember there was also something trying to use Silverlight.

Oh, and it was multipurpose. Besides trying to infect your PC with malware,
it was also earning money. Some parts of JS were loading ads in invisible
frames, presumably to be part of some distributed click farm.

------
rbanffy
Who would imagine a combination of IE, Acrobat and Windows would be useful to
those Chinese spies? What a surprise!

------
fungi
Coverage is degenerating into a link-baiting exercise combined with a hell of a
lot of nationalist hyperbole.

Can we please get some fscking facts around here.

------
pan69
I heard they used "the Internet" as an attack vector.

~~~
forkandwait
Man, do the downvoters around here have ANY sense of humor? This comment was
funny...

~~~
elblanco
I upvoted.

~~~
elblanco
Humorless machine down-vote drones have struck again!

~~~
rbanffy
We have to improve humour in AIs... If we leave it like this they will be
a reason for endless embarrassment.

