What is Operation Aurora?
Operation Aurora is a targeted malware attack against at least 30 major companies—including Google and Adobe—which exploited a zero-day flaw in Internet Explorer. The exploit allowed malware to load onto users' computers. Once loaded, the malware could take control of the computer to steal corporate intellectual property.
The malware originated in China, and Google has gone as far as to claim that the attack was state-sponsored; however, there is no solid evidence yet to confirm this.
Am I infected?
What's at risk?
Microsoft says the zero-day vulnerability in IE affects versions 6, 7 and 8, though most of the attacks seen in the field have been through IE 6. A number of copycat attacks also use the same vulnerability that Operation Aurora exploited.
That said, Microsoft issued a critical patch out-of-band—so if you deploy this patch, you should be safe from Operation Aurora attacks as well as any copycats that exploit the same vulnerability. Endpoint Security and Data Protection users already had generic protection against this threat.
00:11:55 - 19 Jan 2010
Operation Aurora: The attack on Google
Chester Wisniewski of Sophos Canada and James Lyne from the Office of the CTO discuss Operation Aurora: The attack on Google, what it means to businesses, and what we should be doing to better protect our networks.
Should I switch browsers?
As the Aurora exploit targets Internet Explorer, both the French and German governments urged web users to switch to different browsers. But changing your company's default browser as a quick fix can potentially cause more problems than it prevents. This isn't to say it's a bad idea; just be sure to consider the repercussions. Switching browsers can break web-based applications and cause usability issues, as some employees may find it difficult to change.
The easiest and safest way to operate is to always use the most recent version of your browser—with all patches and fixes installed.