The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

Within the last few days the origin of the code was traced to 2 Chinese schools which both claimed they had no knowledge of the exploit.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

The story follows another report from The New York Times that traced the attacks to a pair of Chinese schools – Shanghai Jiaotong University and Lanxiang Vocational School – claiming that the latter had ties to the Chinese military. A day later, representatives of both schools denied involvement to the Chinese state news agency, and the Lanxiang representative denied ties to the military.

It all sounds like a conspiracy from the TV show 24 with schools tied to the Chinese military and ‘special’ access to underground forums.

It’ll be interesting to watch which direction it heads after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to covertly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is also a little vague.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

If I understand correctly what is being implied above, the author of the code posted a PoC (proof of concept) type exploit to a hacking forum.

Someone took this PoC, turned it into a working exploit and attacked 33 US based companies. If the conspiracists are right this ‘someone’ would be the Chinese government and they used to the exploit to steal commercially valuable data from some big US players.

Any thoughts?

Source: The Register

Seen as though we’ve been having a good bash on Microsoft recently, here’s some more relevant news. The December update from Microsoft has delivered patches for 11 series flaws spanning both IE6 & IE7 and all their currently supported operating systems (Windows 2000, Windows XP and Windows Vista).

So if you are running Windows, make sure you get your updates downloaded and installed before you’re away from your PC during this festive season.

Microsoft today released software updates to plug at least 11 security holes in PCs powered by its Windows operating systems and other software. Windows users can download the fixes either directly through the Microsoft Update Web site or via Automatic Updates.

December’s seven update bundles includes fixes for four separate security holes in Internet Explorer 6 and IE7, vulnerabilities that are considered critical for Windows 2000, Windows XP and Windows Vista users. Microsoft rates a flaw “critical” if it can be exploited to break into vulnerable systems with little or no help from the user, save perhaps for browsing a Web site or by clicking on a malicious link in an e-mail or instant message.

Seems like even though Internet Exploder Explorer is such a ‘stable’ and ‘mature’ product – it’s not immune to serious problems. I’m sorry but it’s a web-browser..how complicated can it be!

Microsoft also issued critical updates to fix at least two different problems with the way Windows handles the processing and display of various video and audio files. The first of those is a serious vulnerability in the “Windows media file format” — chiefly, files that end in “.asf” and “.wmv” — used principally by the Windows Media Player software bundled with the operating system. Another patch addresses a critical flaw in most versions of “DirectX,” a Windows component that handles the display of a variety of video file formats (files that end in “.wav” and “.avi” for example). Again, these are especially dangerous flaws because they can be exploited merely by getting users to view maliciously crafted video files via a Web browser or e-mail.

Of the seven patch bundles released today, only two did not affect Windows Vista systems, suggesting that the vulnerable components were carried over into Vista from older versions of the OS despite the multi-year secure coding review conducted for Vista. That said, two of the bundles were released to plug security holes that were found exclusively in Vista.

This news directly related to what we have been discussing recently, how previous Windows flaws carry over into the supposidly ‘all-new’ Windows Vista.

Only TWO of the problems did not effect Vista, which shows that the problems that effect an OLD (8 years old now) OS like Windows 2000 are still effecting Vista.

Source: Security Fix