Operation Aurora

What you need to know


Virus Removal Tool


What is Operation Aurora?

Security Trends

Operation Aurora is a targeted malware attack against at least 30 major companies—including Google and Adobe—which exploited a zero-day flaw in Internet Explorer. The exploit allowed malware to load onto users' computers. Once loaded, the malware could take control of the computer to steal corporate intellectual property.

The malware originated in China, and Google has gone as far to claim that the attack was state-sponsored; however, there is no solid evidence yet to confirm this.

Am I infected?

If you use Sophos security software, you already have multiple layers of protection against this threat—our products proactively block the threat's malicious webpages and JavaScript as well as the malware it attempts to drop onto your system. Sophos's Buffer Overflow Protection Service (BOPS), when enabled, also protects against this exploit.

Download our free Aurora removal tool

What's at risk?

Microsoft says the zero-day vulnerability in IE affects versions 6, 7 and 8, though most of the attacks seen in the field have been through IE 6. A number of copycat attacks also use the same vulnerability as exploited by Operation Aurora.

That said, Microsoft issued a critical patch out-of-band—so if you deploy this patch, you should be safe from Operation Aurora attacks as well as any copycats that exploit the same vulnerability. Endpoint Security and Data Protection users already had generic protection against this threat.

Should I switch browsers?

As the Aurora exploit targets Internet Explorer, both the French and German governments urged web users to switch to different browsers. But changing your company's default browser as a quick fix can potentially cause more problems than it prevents. This isn't to say it's a bad idea, just be sure to consider the repercussions: switching browsers can break web-based applications as well as cause usability issues, as some employees may find it difficult to change.

The easiest and safest way to operate is to always use the most recent version of your browser—with all patches and fixes installed.


Virus Removal Tool