AOH :: ISNQ5847.HTM

Google Hack Code Released, Metasploit Exploit Now Available




Google Hack Code Released, Metasploit Exploit Now Available
Google Hack Code Released, Metasploit Exploit Now Available



http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222301235 

By Kelly Jackson Higgins
DarkReading
Jan 16, 2010 

Internet Explorer exploit code used in the so-called Aurora attacks out 
of China against Google and other companies has been posted online -- 
and now the popular Metasploit hacking tool has released a working 
exploit of the attack as well.

The malware, which exploited a zero-day vulnerability in Internet 
Explorer in targeted attacks against Google and other companies' 
networks, was used to go after IE6 browsers in the massive attacks, 
which ultimately resulted in the theft of intellectual property from 
Google and other as-yet unnamed organizations. Adobe and Rackspace are 
among the companies so far that say they were hit by the attacks that 
first came to light this week and were allegedly conducted by hackers in 
China.

With the IE exploit in the wild now, it could be used by other 
cybercriminals to go after other organizations or users. And while 
Metasploit's new exploit is meant for researchers and penetration 
testers to gauge their vulnerability to the attack, Metasploit is still 
an open-source tool that can be deployed for nefarious purposes as well.

"The public release of the exploit code increases the possibility of 
widespread attacks using the Internet Explorer vulnerability," George 
Kurtz, McAfee's CTO, blogged late yesterday. "This attack is especially 
deadly on older systems that are running XP and Internet Explorer 6," he 
said.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods