
infoTECH Feature

February 18, 2014

U.S. Military on Ground Zero with New IE 10 Attack

Threats to online security are nothing new, though they remain noteworthy, particularly in regard to how to protect against them. Threats to online security with a specific target in mind are something rather different. A new zero-day attack recently spotted on Internet Explorer (IE) 10 has just such a focus: members of the United States military. The attack was spotted by security research firm FireEye, which refers to the attacks by the somewhat ominous name Operation SnowMan.

Operation SnowMan, according to reports, was launched from the website run by the U.S. Veterans of Foreign Wars, in which an IFRAME was altered to bring in some malicious code. That code in turn attacks a certain vulnerability in IE 10 on systems that also use Adobe Flash Player. While the code depends on a certain vulnerable point in IE 10, it also needs to work with a Flash object, as well as a callback from that Flash object to a JavaScript trigger. Once the attack is under way, it examines a set of key points: first, it looks to see whether the system is running IE 10, then it checks that the system is not running Microsoft's Enhanced Mitigation Experience Toolkit (EMET), which brings some security enhancements to the overall system. Users therefore have several ways to protect against this particular issue, from stepping up to IE 11 to bringing in EMET to switching over to Firefox, Chrome, or another browser entirely.

FireEye reportedly spotted the attack back on February 11, and the launch is suggested to have been timed for two critical reasons: one, it was the start of a holiday weekend, and two, it was about the time that a major snowstorm was kicking in, which looked to compound problems for the user base. Reports further suggest that the group involved in Operation SnowMan was likely connected to similar operations, including Operation DeputyDog and Operation Ephemeral Hydra, and was also connected to a host of other attacks, targeting everything from law firms and mining companies to Japanese firms and elements of the United States government.

Admittedly, the Veterans of Foreign Wars website may seem like an odd target, especially when there are much more frequently visited websites out there, but if the target was members of the military, then this does make some sense. It's also odd to use an attack with so many ways to work around it; even something as simple as switching browsers would seem to have a mitigating effect, and just keeping the browser up to date would effectively render this attack moot. But this attack still shouldn't be taken lightly, as word from the United States' Computer Emergency Response Team (CERT) suggests that no way has been found, as yet, to otherwise fix the attack. However, Microsoft is still at work on the problem, according to word from FireEye, and those who haven't already made the move to take advantage of one of the mitigation tools should likely do so.

Staying protected online is a matter of responsibility for everyone, and Operation SnowMan shows that point well. Keeping things up to date and running the necessary protective tools is a big part of that, and those who do will likely end up rewarded with far fewer headaches.

Edited by Cassandra Tucker
