'State-sponsored attackers' using IE zero-day to hijack GMail accounts

Night Hawk

Vista Guru
'State-sponsored attackers' using IE zero-day to hijack GMail accounts
By Ryan Naraine

June 13, 2012, 9:36am PDT


Summary: Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”


Microsoft and Google have separately warned about a new Internet Explorer zero-day being exploited to break into GMail accounts.


The browser flaw, which is currently unpatched, expose Windows users to remote code execution attacks with little or no user action (drive-by downloads if an IE users simply surfs to a rigged site).

see full report
 

My Computer

System One

  • Manufacturer/Model
    Custom built desktops =2 Toshiba replace HP laptop
    CPU
    AMD Phenom II X4 975 Deneb core 3.6ghz
    Motherboard
    Gigabyte GA-790XTA-UD4
    Memory
    Kingston Hyper X 1.5v DDR3 PC12800 1600mhz 16gb
    Graphics Card(s)
    MSI Radeon HD 5750 1tb
    Sound Card
    Creative X-Fi XtremeAudio PCIe
    Monitor(s) Displays
    Asus 19" HP 20" second lcd main HP 20" remote pc.
    Screen Resolution
    1440x900, 1600x900 main - 1600x900 2nd desktop
    Hard Drives
    WD Black Edition 1tb Sata II -2
    WD SAS "Heavy Duty" RE class 2tb - 2
    External usb/eSata WD Black 1tb main -1
    External usb only WD Green Power 1tb -1
    PSU
    Corsair 750w 750TX main - Corsair 600w remote
    Case
    Antec 900-2 - SSD compatible eSata ports 2 - NZXT Vulcan 2nd
    Cooling
    Zalman CNPS9900A cpu, twin front 120s, top 200cm, rear 120
    Mouse
    MSI Interceptor D200
    Keyboard
    AZIO Ilumminated keys gaming keyboard/volume control usb
    Internet Speed
    30mbps upgrade

tom982

٩(͡๏̯͡๏)۶
Vista Guru
Gold Member
'State-sponsored attackers' using IE zero-day to hijack GMail accounts
By Ryan Naraine

June 13, 2012, 9:36am PDT


Summary: Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”


Microsoft and Google have separately warned about a new Internet Explorer zero-day being exploited to break into GMail accounts.


The browser flaw, which is currently unpatched, expose Windows users to remote code execution attacks with little or no user action (drive-by downloads if an IE users simply surfs to a rigged site).

see full report
Very interesting article :)
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload

Night Hawk

Vista Guru
It was certainly an eye catcher as far as the title! I doubt the real problem with certain sites is limited to just IE however! With the 64bit flavor of FireFox, WaterFox, simply clicking on a link when going to try out a new video player, video editing ware the new window automatically slammed a new toolbar on the browser which couldn't be removed easily!

Apparently the sites being warned about there have scripting that's far more complex in order to simply hijack IE 9 possibly the 10 beta now seen as well in the next version to come's Release Preview. A great addon for any browser however is the Web Of Trust(WOT) tool which rates individual sites when going to run a search for something and look to see which ones have a red dot next to them over those with either amber(unsure) or green(secure).
 

My Computer

System One

  • Manufacturer/Model
    Custom built desktops =2 Toshiba replace HP laptop
    CPU
    AMD Phenom II X4 975 Deneb core 3.6ghz
    Motherboard
    Gigabyte GA-790XTA-UD4
    Memory
    Kingston Hyper X 1.5v DDR3 PC12800 1600mhz 16gb
    Graphics Card(s)
    MSI Radeon HD 5750 1tb
    Sound Card
    Creative X-Fi XtremeAudio PCIe
    Monitor(s) Displays
    Asus 19" HP 20" second lcd main HP 20" remote pc.
    Screen Resolution
    1440x900, 1600x900 main - 1600x900 2nd desktop
    Hard Drives
    WD Black Edition 1tb Sata II -2
    WD SAS "Heavy Duty" RE class 2tb - 2
    External usb/eSata WD Black 1tb main -1
    External usb only WD Green Power 1tb -1
    PSU
    Corsair 750w 750TX main - Corsair 600w remote
    Case
    Antec 900-2 - SSD compatible eSata ports 2 - NZXT Vulcan 2nd
    Cooling
    Zalman CNPS9900A cpu, twin front 120s, top 200cm, rear 120
    Mouse
    MSI Interceptor D200
    Keyboard
    AZIO Ilumminated keys gaming keyboard/volume control usb
    Internet Speed
    30mbps upgrade
Top