McAfee: Chinese cyber-attack Aurora is Microsoft's fault. Sort of.

In a blog post, McAfee CTO names the attack Aurora.

He says the attackers exploited a previously unknown vulnerability in Internet Explorer."We informed Microsoft about this vulnerability and Microsoft is expected to publish an advisory on the matter soon.:

Attackers chose a few people within an organization, (he suspects they chose people with access to intellectual property). Looks like a trusted source wants you to click on a link (that old scam?) which then opens a back door that allows attackers to "gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company."

Read the blog posting:
http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/

UPDATE ON AURORA 1/15/2010 9:30AM

Taylor Buley at Forbes has a nice update on Aurora today.

Taylor talked to Ed Skoudis, a cybersecurity researcher with IntelGuardians for some perspective on IE vulnerabilities, something that most experts thought was disappearing as IE aged. Not.

It was surprising to realize that this back door had been sitting there, possibly for years, and yet nobody had found or snuck through it before. The Chinese hackers were either "very clever or very lucky," says Skoudis.

Dmitri Alperovitch at McAfee votes for clever. The code was very sophisticated and written from scratch, not kluged out of some cookie cutter code.

Microsoft admits that the IE back entrance was "one of the vectors" in the attack.

Time to stop patching some of these old programs and start re-writing them from scratch.