Operation Aurora

What you need to know

What is Operation Aurora?

Operation Aurora is a targeted malware attack against at least 30 major companies—including Google and Adobe—which exploited a zero-day flaw in Internet Explorer. The exploit allowed malware to load onto users' computers. Once loaded, the malware could take control of the computer to steal corporate intellectual property.

The malware originated in China, and Google has gone as far to claim that the attack was state-sponsored; however, there is no solid evidence yet to confirm this.

Am I infected?

If you use Sophos security software, you already have multiple layers of protection against this threat—our products proactively block the threat's malicious webpages and JavaScript as well as the malware it attempts to drop onto your system. Sophos's Buffer Overflow Protection Service (BOPS), when enabled, also protects against this exploit.

What's at risk?

Microsoft says the zero-day vulnerability in IE affects versions 6, 7 and 8, though most of the attacks seen in the field have been through IE 6. A number of copycat attacks also use the same vulnerability as exploited by Operation Aurora.

That said, Microsoft issued a critical patch out-of-band—so if you deploy this patch, you should be safe from Operation Aurora attacks as well as any copycats that exploit the same vulnerability. Endpoint Security and Data Protection users already had generic protection against this threat.

Please enable flash and javascript for the player to work

00:11:55 - 19 Jan 2010

Download the podcast

Operation Aurora: The attack on Google

Chester Wisniewski of Sophos Canada and James Lyne from the Office of the CTO discuss Operation Aurora: The attack on Google, what it means to businesses, and what we should be doing to better protect our networks.

Should I switch browsers?

As the Aurora exploit targets Internet Explorer, both the French and German governments urged web users to switch to different browsers. But changing your company's default browser as a quick fix can potentially cause more problems than it prevents. This isn't to say it's a bad idea, just be sure to consider the repercussions: switching browsers can break web-based applications as well as cause usability issues, as some employees may find it difficult to change.

The easiest and safest way to operate is to always use the most recent version of your browser—with all patches and fixes installed.

download Download our free Virus Removal Tool
Find what your antivirus missed