Showing posts with label E-mail. Show all posts
Showing posts with label E-mail. Show all posts

Friday, January 22, 2010

Google hack 'Aurora' Now leaked on the internet. How To protect yourself.

The code that was used to hack Gmail accounts in China is now publicly available on the internet. And till a patch can be developed internet users across the world need to be vigilant. The hack targetted users of IE6 and till Microsoft can develop a patch users need to be aware of this threat.

The guys who posted it on the net did it for good reasons so that people involved in security can download it to test their security vulnerabilities. This code however can be downloaded by anyone from the net and there comes the problem. 

So what do you need to do to protect yourself.

This program runs like this. You know those e-mails you get that looks like a forward. You see it and it looks suspicious. Well that is the one do not open it. Because that is how this program works you get a mail with a catchy heading and a link for you to open. Once you open that link this malicious program can begin to work. So if you get an e-mail with a link that sounds to good to be true. it probably is. You need to be cautious when opening e-mail attachments. 

Found on Foxnews

Gregg calls it spearphishing: "They target the user with an e-mail  that would appeal to them, one that leads to a site that launches malicious code onto your system." And the IE 6 exploit makes it particularly easy to slip that code on your computer.

Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is -- don't click on it.

On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis Web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.

Metasploit is intended to let security professionals test out security threats. 

An original post by