Google Users targeted with Windows Exploit


Recommended Posts

  Quote
Highly targeted, politically motivated attacks that affect all supported versions of Microsoft?s Windows operating system are being carried out on Google users, requiring the search giant to issue a bulletin warning those who use its services.

Attacks on Google users utilise an unpatched MHTML vulnerability that, although disclosed in January, allows attackers to steal sensitive information by exploiting the way Internet Explorer users on Windows parses MIME-formatted webpages, also allowing trusted websites to be spoofed and actions to be performed without authorisation.

Microsoft has issued a temporary fix but it is unknown how long it will be until a full patch is released.

Google, worried that its users were at risk, issued a warning via its Online Security blog, stating that the company believed activists were the target of the attacks. Interestingly, the post noted that users of another popular social site (possibly Facebook, which will not confirm either way) were also being targeted:

We?ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We?ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected.

For now, we recommend concerned users and corporations seriously consider deploying Microsoft?s temporary Fixit to block this attack until an official patch is available.

Google says that it has deployed ?various server-side defences? to make the the MHTML vulnerability harder to exploit, adding that although the measures are in place, they cannot be guaranteed to be 100% reliable. With that in mind, the company is in contact with Microsoft to work on a solution for the issue.

If you are an Internet Explorer user and want to make sure you are not vulnerable to the MHTML exploit, head to Microsoft?s patch page and install the update.

TNW

  On 13/03/2011 at 16:58, z0phi3l said:

Again who in their right mind would still be using IE?

Again who in their right mind would still be using Firefox ?

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

  On 13/03/2011 at 17:09, xMP44x said:

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

Because other browsers don't have problems like these? IE9 doesn't have it since you bring that up.

  On 15/03/2011 at 16:12, Growled said:

Moral of the story, be security aware always, and that includes being up to date on patching and using other secure software.

Actually I think this is a Zero Day that Microsoft hasn't patched yet.

But they do have a fixit tool available

http://support.microsoft.com/kb/2501696

Security Now episode 291

  Quote

Steve: Well, yes, we are just past our standard second Tuesday of the month. So Microsoft has actually a rather lean response this month. They fixed four different vulnerabilities, one which was critical in their media playback which affected all the recent OSes - XP, Vista, and Windows 7 - such that, if you went to a site that had a specially crafted malicious video, it could execute code on your machine. That they fixed.

The bad news is the zero-day exploit, which we have talked about recently, the so-called MHTML exploit - MHTML is sort of a pseudo protocol. In the same way that we have HTTP:, Microsoft defines MHTML: as a way to invoke MIME-encoded HTML. We talked about how that's used for archiving whole web pages, in the same way that MIME stands for Multipart, what is it, Multipart Internet Message Extension or something?

Leo: Yeah, something like that.

Steve: For allowing email to contain nontextual things, like photos and so forth, MIME is how you do that. Similarly, this is how Microsoft has their own proprietary format for storing an entire web page including all of its assets, its other photos and so forth. There's a problem with it such that, if you go to a website that invokes this protocol, similarly they're able to get their own code to run on your machine. Well, that didn't get fixed this Tuesday, and I was hoping it was because it is being actively exploited in the wild.

So I wanted to remind our listeners that there is a one-click easy Fixit button that Microsoft offers. If you go to go.microsoft.com, then ?linkid=9760419, that will take you to this page with the quick fix dealie that just disables that protocol. And probably everyone, I mean, it's one of those things that's on by default. It's got a problem in it that, if you don't know you need it, you probably don't. So, I mean, I immediately went there and just said, I don't need this, I'm turning it off. And had Microsoft fixed it a couple days ago, we'd probably be okay. But like these things, now that it's seen that Microsoft hasn't fixed it, we can expect more exploits to happen. So...

Leo: It's a "sit up and take notice" to hackers.

Steve: It's a problem, yes, exactly. They're saying, hey, we've got another month, probably. So let's jump on this. So more important to do that. So I don't know what you could Google to get there. It's MHTML exploit, but you can go to go.microsoft.com/?linkid=9760419.

Leo: And I get a download, immediate download when I go there. So you're getting a .msi file, an installer.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft, Indian police bust AI-powered tech support scam ring targeting elderly in Japan by Paul Hill Pop-up scams pretending to be Microsoft Working with India’s Central Bureau of Investigation (CBI), Microsoft recently assisted in busting a scam network that was targeting the elderly in Japan. The CBI raided 19 locations on May 28, leading to the arrest of six key operatives and the taking down of two call centers. The scammers were impersonating Microsoft specifically and using tech support scams against Japanese seniors. The raid led to the seizure of both digital and physical infrastructure, including computers, storage devices, and phones. The scammers were targeting older adults, who are more vulnerable to fraud. To put this activity to an end, Microsoft’s Digital Crimes Unit (DCU), the Japan Cybercrime Control Center (JC3), Japan’s National Police Agency (NPA), and India’s CBI conducted significant cross-border collaboration to trace the criminals. Thanks to the internet, cross-border crimes like these have been around for a while and multinational tech firms like Microsoft are making significant efforts to help law enforcement agencies crack down on cybercrime. Artificial intelligence is also starting to be used to make more sophisticated scams. The evolving threat This case reveals an evolution in how Microsoft’s DCU addresses cybercrime involving tech support fraud. Thanks to AI, scammers have been able to scale their operations. In response, Microsoft has moved away from focusing on individual call centers to target the heads of criminal operations and disrupting their technical infrastructure. Notably, Microsoft’s collaboration with JC3 is the first time the DCU has partnered with a Japan-based organization to assist victims. Microsoft is continually getting tips from JC3 about malicious pop-ups urging recipients to call fake technical support lines that claim to be Microsoft. This data has allowed Microsoft to shut down 66,000 malicious domains and URLs globally since May 2024. Microsoft noted that artificial intelligence is now being used by criminals to scale their operations. Some ways in which these entities leverage AI are for victim identification, writing convincing scam emails and building fake web pages, as well as for convincing translations. Anyone can use AI for malicious purposes so it could increase the number of people or groups carrying out attacks. It also makes attacks much more sophisticated and harder to detect and necessitates better consumer protections and more sophisticated security tools such as passkeys to reduce hacks. Protecting vulnerable populations and what readers can do Tech support fraud attacks have been found by the FBI to disproportionately affect older people, resulting in $590 million in losses in 2023 for just older Americans alone. In this operation that targeted Japanese victims, around 90% of the 200 affected people were over 50. If you’ve ever received suspicious communications from a party claiming to be Microsoft, you should know that Microsoft never sends unsolicited emails or makes phone calls requesting personal or financial information, and it doesn’t offer unsolicited tech support. If you do get any suspicious communications, then you should report it to Microsoft so that it can take action.
    • Firefox is irrelevant in today's internet. Most websites don't work as smooth as any Chromium browsers. Web developers are monopolizing and responsible for this situation.
  • Recent Achievements

    • Week One Done
      luxoxfurniture earned a badge
      Week One Done
    • First Post
      Uranus_enjoyer earned a badge
      First Post
    • Week One Done
      Uranus_enjoyer earned a badge
      Week One Done
    • Week One Done
      jfam earned a badge
      Week One Done
    • First Post
      survivor303 earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      433
    2. 2
      +FloatingFatMan
      239
    3. 3
      snowy owl
      213
    4. 4
      ATLien_0
      211
    5. 5
      Xenon
      157
  • Tell a friend

    Love Neowin? Tell a friend!