Published: 2010-03-13T07:32+00:00
Last Updated: 2010-03-13T07:32+00:00
JVNTR-2010-06
Malicious Activity Associated with "Aurora" Internet Explorer Exploit (TA10-055A)
Overview
Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.
Event Information
| Date (UTC) | Description |
| 2010-02-25 00:30 |
US-CERT TA10-055A: Malicious Activity Associated with "Aurora" Internet Explorer Exploit Via US-CERT Mailing List |
| 2010-01-22 02:28 |
JPCERT/CC JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer |
| 2010-01-21 23:24 |
Microsoft ms10-jan: Microsoft Security Bulletin Summary for January 2010 (MS10-002) Included in this advisory are updates for newly discovered vulnerabilities. |
| 2010-01-21 21:21 |
Microsoft Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-002 to address this issue. |
| 2010-01-21 20:54 |
US-CERT TA10-021A: Microsoft Internet Explorer Vulnerabilities Via US-CERT Mailing List |
| 2010-01-21 17:57 |
US-CERT Microsoft Releases Cumulative Security Update for Internet Explorer US-CERT Current Activity Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. |
| 2010-01-21 |
Symantec The Trojan.Hydraq Incident: Analysis of the Aurora 0-Day Exploit Security Response Blog This exploit was used to deliver a malicious payload, known by the name of Trojan.Hydraq, the main purpose of which was to steal information from the compromised computer and report it back to the attackers. |
| 2010-01-20 21:14 |
Microsoft ms10-jan: Microsoft Security Bulletin Advance Notification for January 2010 (out-of-band) This is an advance notification of one out-of-band security bulletinthat Microsoft is intending to release on January 21, 2010. |
| 2010-01-19 21:16 |
Symantec ThreatCON (2) => (2) The ThreatCon is at level 2. Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer. |
| 2010-01-19 07:58 |
Trend Micro Cyber Attacks on Google and Others?Who Is Really at Risk? TrendLabs | Malware Blog - by Trend Micro |
| 2010-01-18 08:01 |
JPCERT/CC JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer |
| 2010-01-15 21:35 |
SANS Internet Storm Center Exploit code available for CVE-2010-0249 The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code. |
| 2010-01-15 17:29 |
McAfee "Aurora" Exploit In Google Attack Now Public McAfee Security Insights Blog Computer code that exploits a yet-to-be-patched vulnerability in Internet Explorer is now publicly available on the Internet. |
| 2010-01-15 13:36 |
The Metasploit Project Internet Explorer "Aurora" Memory Corruption Vulnerability Proof Of Concept (CVE-2010-0249) #Cid: ms10_002_aurora.rb |
| 2010-01-15 |
CERTA (Centre d'Expertise Gouvernemental de Reponse et de Traitement des Attaques informatique) Vulnerabilite dans Microsoft Internet Explorer |
| 2010-01-15 |
BSI (Bundesamt fur Sicherheit in der Informationstechnik) Kritische Sicherheitslucke im Internet Explorer |
| 2010-01-15 |
Bugtraq Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability Vulnerability Proof Of Concept (CVE-2010-0249) #Cid: 37815.py #Tested: cpe:/o:microsoft:windows_xp::sp2 + cpe:/a:microsoft:ie:6 |
| 2010-01-14 23:54 |
Microsoft Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution Advisory published. Microsoft is investigating new public reports of a vulnerability in Internet Explorer. |
| 2010-01-14 22:49 |
US-CERT Microsoft Releases Security Advisory 979352 US-CERT Current Activity Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability. |
| 2010-01-14 22:19 |
SANS Internet Storm Center 0-day vulnerability in Internet Explorer 6, 7 and 8 Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer. |
| 2010-01-14 20:48 |
McAfee More Details on "Operation Aurora" Computer Security Research - McAfee Labs Blog Earlier today, George Kurtz posted an entry, 'Operation "Aurora" Hit Google, Others', on the McAfee's Security Insight blog. The purpose of this blog is to answer questions about this particular attack; fill in some of the threat flow and McAfee coverage details. |
| 2010-01-14 15:34 |
McAfee Operation "Aurora" Hit Google, Others McAfee Security Insights Blog McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday. |
| 2010-01-13 |
McAfee Exploit-Comele |
| 2010-01-12 12:00 |
Google A new approach to China |
| 2010-01-11 14:59 |
Symantec Trojan.Hydraq |
Other Information
| CVE |
CVE-2010-0249 |