In a blog post, McAfee CTO George Kurtz names the attack "Aurora." He says the attackers exploited a previously unknown vulnerability in Internet Explorer."We informed Microsoft about this vulnerability and Microsoft is expected to publish an advisory on the matter soon.: Attackers chose a few people within an organization to attack (he suspects they chose people with access to intellectual property). The attack looks like a trusted source wants you to click on a link (that old scam?) which then opens a back door that allows attackers to "gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company."
UPDATE ON AURORA 1/15/2010 9:30AM
Taylor Buley at Forbes has a nice update on Aurora today.
Taylor talked to Ed Skoudis, a cybersecurity researcher with IntelGuardians for some perspective on IE vulnerabilities, something that most experts thought was disappearing as IE aged. Not.
It was surprising to realize that this back door had been sitting there, possibly for years, and yet nobody had found or snuck through it before. The Chinese hackers were either "very clever or very lucky," says Skoudis.
Dmitri Alperovitch at McAfee votes for clever. The code was very sophisticated and written from scratch, not kluged out of some cookie cutter code.
Microsoft admits that the IE back entrance was "one of the vectors" in the attack.
Time to stop patching and start rewriting these old programs from scratch.
I'm keeping track of updates on this story at my site: