Dealing With Operation Aurora

As you know if you follow my maunderings, I’ve been keenly interested in the “Operation Aurora” incident that involved, among other things, hacking into Google’s servers to gather information on Chinese political dissidents.

This was a significant attack, primarily because it was so sophisticated. It exploited a weakness in Internet Explorer 6 (God please deliver us from that browser forever), but did its nastiness deep under cover so that infected organizations weren’t even aware there was a problem until they got back-channel notification.

One such organization got quiet word of “connections from [their] company’s DNS servers to questionable domains.” That’ll stand up the hair on your neck. It took extensive effort to locate and dig out the problems, including Tripwire intrusion detection, Wireshark packet capture, Juniper IDS, a special patch from Trend Micro, EnCase drive imaging, and all the cool stuff security forensics people love to work and play with.

Check out the story at
http://www.computerworld.com/s/article/346764/Latest_Malware_Is_a_Call_to_Action