FireEye, which said the same thing about Adobe's most recent PDF vulnerability last month, argued today that its FireEye Analysis and Control (FACT) engine provides pre-emptive support to customers against current zero-day exploits for the Internet Explorer flaw, which were used to target Google and other companies in December.
The company worked with customers to see if their networks had been targeted by the attacks, it said. "In several cases, it was confirmed that 'Operation Aurora' had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks," it added.
"Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers providing the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files, processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security," FireEye reported.
Marc Maiffret, chief security architect at FireEye, warned that the hackers behind Aurora used techniques including code obfuscation to try to cover their tracks.
FireEye was instrumental in bringing down the Mega-D botnet in November, working with registrars and ISPs around the world to choke off the command and control points for its infrastructure.