The “Aurora attack” has received a lot of press lately. We at Malwarebytes have been following the developments closely so we can give you our view.

“Operation Aurora” is the name researchers gave to an attack that exploited a zero-day vulnerability in Internet Explorer to steal information from Google, Adobe and other large companies.
Victims were tricked into visiting web pages that triggered the Internet Explorer flaw and silently installed a trojan payload; that first stage then downloaded and deployed further components, each stage fetching the next. This type of targeted, multi-stage campaign has been called an Advanced Persistent Threat or APT, and it needs only one small hole to break a network wide open.

According to Google, the attack originated in China and attempted to gain access to the Gmail accounts of U.S.-, China- and Europe-based human rights activists. A recent report found that three major U.S. oil companies, Marathon Oil, ExxonMobil and ConocoPhillips, were targeted by similar attacks.

What do we learn from this?
Why should you care? We believe the bottom line is that in our world today cybercrime is organized, sophisticated and vicious, and this incident underscores the need for all Internet citizens, private netizens and corporations alike, to protect themselves. In essence, three parties need to work together to minimize the risk of compromised systems:

  • Content providers like Facebook, Twitter and others must take every possible step to keep the malicious links and files that launch such attacks off their platforms.
  • Software developers (including Microsoft) must do their utmost to avoid security holes and must patch vulnerabilities as swiftly as possible once they are found.
  • And users like all of us have to be made aware of the dangers present in our digital age.

The only sensible approach is a layered defense, or as a wise man told me years ago: “don’t put all your eggs in one basket.”

We at Malwarebytes strongly believe in a layered approach to security. By that we mean a combination of protective software, awareness and safe computing practices. Layered protective software is especially important: an antivirus program alone is no longer sufficient to protect most users from the newest threats. Companion anti-malware software (like our own Malwarebytes’ Anti-Malware) is, we believe, a critical addition that fills in the security gaps and protects against the threats antivirus products tend to miss: threats that are not classified as viruses, such as trojans and rogue security software, but are just as annoying and harmful. Add a firewall to the mix and you have a layered security solution. An educated user completes the “ideal” picture.

We will be telling you more about how we determine the kinds of threats we should target in future blog posts.

How do we view our role?
We have added detection for the Aurora threat, and we are further developing our heuristics modules so that new malware files are recognized the first time they appear in the wild, before a specific signature for them exists. We are also always open to cooperation with the companies that provide the other layers in the security chain, so that together we can provide better overall protection than just the sum of the layers alone.

Every few months a major attack is featured in the mainstream media. People read about it, worry momentarily, and then forget. Take this opportunity to think seriously and critically about your security solution. The same powerful elements that target major corporations like Google and Adobe are often behind identity theft syndicates and other malware distributors that go after us as individuals. We don’t mean to be unduly alarmist, but we do believe there is a real danger out there, and it is our job to help you protect yourself. The Malwarebytes team is working every day of the year around the globe and around the clock to protect you from attacks like Aurora.

Pieter Arntz

If you are interested in certain aspects of this subject, you may also find the following articles interesting:
  • Exploit code has been made public
  • The German government warns against using IE
  • The New York Times: The financial loss from security breaches
  • The reluctance to update
  • Spear phishing