You hear about the importance of patching your systems on a regular basis. Occasionally, you hear about people who got a virus because they didn’t patch theirs. What you don’t hear about very often are strong, concerted efforts at hacking into massive amounts of systems… even less often, that it actually worked, and it was Google that fell prey.

“Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” Reavey wrote.

You may be asking yourself why a Google employee would be using anything other than Google Chrome as their browser. Smart web companies utilize many different browsers to ensure that their website will display properly to the many different visitors and their different browers.

Many names: Aurora, Google Attack, IE Vulnerability

There are many security vulnerabilities in Internet Explorer. You may have heard of this one referred to as ‘Aurora’, ‘Google Attacks’ and/or the ‘Microsoft IE Vulnerability (MS Advisory 979352)’.

Hydraq is a malware trojan designed to take advantage of this unpatched vulnerability in Internet Explorer. Its purpose is to attack large enterprises and acquire large amounts of intellectual property. According to Symantec’s Security Response website , this trojan opens a back door that allows a remote attacker to perform actions on a compromised computer. Here is a small list of what it can do:

• Adjust token privileges.
• Check status of, control, and end processes and services.
• Download a remote file, save it as %Temp%\mdm.exe, and then execute it.
• Create, modify, and delete registry subkeys.
• Read, write, execute, copy, change attributes, and delete files.
• Shut down and restart the computer.
• Clear all system event logs.

This trojan is different in that you be infected by just visiting a website. It can be a standard looking website – maybe even a blog like this one. Symantec Security Response has already found dozens of websites that include the attack code, and more are surely going to be coming online.

Security firm Websense has published an article with some of the instant messages and email messages that have been making their way around the Internet.

The China Connection

According to a  New York Times article, evidence has been found that Chinese hackers may have had a hand in the exploit code.

“If you look at the code in a debugger you see patterns that jump out at you,” he said. In this case he discovered software code that represented an unusual algorithm, or formula, intended for error-checking transmitted data.

The error-checking code mentioned above has only been published exclusively on Chinese-language websites.

Protect your South Florida Small Business Computer Network

Our advice:  Keep your Windows Operating System, Antivirus and Antispyware programs updated regularly. Don’t open email attachments that seem suspicious. If,  when visiting a website, you receive a pop up message from an anti-virus application that you’ve never heard of and didn’t install yourself, ignore it. It’s probably a virus waiting to happen.

DO THIS NOW: Use Internet Explorer to visit Microsoft Windows Update and apply all critical patches. Even if you are a Firefox or Chrome user, you use Internet Explorer.

If you run a small business with 10 to 150 employees that is based in South Florida (Ft. Lauderdale, Boca Raton, West Palm Beach to Ft. Pierce)  and you are not sure whether or not you are getting these updates, or you are questioning if you have a Antivirus/Antispyware solution, give us a call or drop us a line.  We’re ready to assist you in keeping your business computer network safe and have many plans available.

More information: Microsoft Security Advisory Bulletin MS10-002.

[Update: 1/28/2010] Very good site with current zero-day vulnerabilities and how long they have been in the wild and not patched.