
FireEye, Inc., a developer of modern malware protection systems, confirmed that the FireEye Analysis & Control Technology (FACT) engine provided pre-emptive protection to enterprise, federal and higher education customers against the current Internet Explorer (IE) zero-day vulnerability (see Microsoft Security Advisory 979352). FireEye provided protection from this sophisticated and targeted zero-day attack without any changes or content updates to the product. As the broad implications of the Operation Aurora attacks were disclosed, FireEye worked with customers to determine whether they had been singled out. In several cases it was confirmed that Operation Aurora had indeed targeted their networks and that the FireEye security technology had identified the IE malware attacks, the same attacks recently disclosed as targeting high-profile technology companies.
At multiple production sites, FireEye and its customers established that attempts had been made to exploit the IE zero-day vulnerability. The FACT engine detected these attempts in real time, with no new rules and no post-mortem analysis to develop security content by hand. Within the FireEye virtual machine analysis environment, dropper malware was observed installing itself and subsequently downloading a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers, giving the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files and processes, installing new malware, disabling automatic patching, and even uninstalling endpoint security. The IE zero-day exploit has since been documented and made publicly available.
FireEye network security appliances protect customers against zero-day attacks through advanced malware analysis across multiple protocols, including but not limited to HTTP, IRC, FTP and SMTP. By conducting deep packet inspection through highly instrumented virtual machines, the FACT engine is able to identify both previously infected machines and systems currently under attack. Organizations that are concerned they may have been attacked, or that are at risk of being targeted, should contact FireEye for a network security review.
Reference: Operation Aurora was a cyber attack, detected in mid-December 2009 and attributed to sources in China, against Google and more than 20 other companies, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman and Dow Chemical.