McAfee Guidance Helps Organizations Determine If They Were Compromised, McAfee Products Shield Against Future Attacks Exploiting Internet Explorer Vulnerability
SANTA CLARA, Calif., January 17, 2010 - McAfee, Inc. (NYSE:MFE) today released guidance to help organizations determine if they were targeted in the same sophisticated cyberattack that hit a growing list of companies, including Google. The high profile cyberattack, linked to China by Google, targeted valuable intellectual property.
“This is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations,” said McAfee Worldwide Chief Technology Officer George Kurtz. “It is a watershed moment in cybersecurity because of the targeted and coordinated nature of the attack. As a result, the world has changed; organizations globally will have to change their threat models to account for this new class of highly sophisticated attack that goes after high value intellectual property.”
As part of the fallout of the attack, Windows users currently face a real and present danger due to the public disclosure of a serious vulnerability in Internet Explorer. McAfee was the first to discover and announce that an Internet Explorer vulnerability was a key vector in the attack on Google and others. Unfortunately, the risk has been compounded because the attack code that exploits this Internet Explorer vulnerability has now been posted in the public domain, increasing the possibility of widespread attacks. McAfee technologies provide protection against current threats related to the attack on Google and others.
How to know if your organization was compromised
Over 30 organizations have reportedly been targeted by the same attack that hit Google and the list of victims continues to grow. McAfee calls the cyberheist “Operation Aurora” and today provided detailed guidance to help organizations determine if they were impacted by the attack, which occurred over the December holidays and into early January.
McAfee’s guidance involves two steps:
1) If you are a McAfee customer, verify that you are using the latest threat definition files and perform a full scan on all machines within your enterprise.
2) Inspect network traffic history for communication with external systems associated with the attack.
3) Examine computers for specific files or file attributes related to the attack.
Detailed guidance is available on the McAfee Web site at http://www.mcafee.com/operationaurora
How to protect against the Internet Explorer vulnerability
McAfee products protect against attacks that may use the now publicly available exploit to attempt to attack Internet Explorer users and the malware used in the attack on Google and others:
1. McAfee consumer and enterprise PC security products provide protection against the malicious computer programs used to target Google and others through the threat definition files released on January 11 and through the McAfee real-time, cloud-based Global Threat Intelligence. Current customers should ensure the latest definition files are installed and that cloud detection is enabled. McAfee consumer security products are available online.
2. McAfee® Network Security Platform detects attacks that use the Internet Explorer zero-day exploit through the threat definition files released on January 15. Users of the McAfee Network Security Platform should ensure the latest definition files are installed.
3. McAfee Web Gateway and McAfee Firewall Enterprise provide powerful Web security technology to filter malicious traffic on the network. Users of either of these McAfee products should ensure that outbound Web security capabilities are enabled and malware scanning within the firewall is based on the latest signatures and associated rules.
Use Advanced McAfee Technology To Detect Future Attacks
The attack on Google and others marks a new, high-risk era in the world of cybercrime where these advanced persistent threats are no longer targeted at just governments, but are also targeted at organizations in many different sectors. McAfee is making available free trials of its advanced protection technologies to help companies shield themselves against sophisticated attacks such as the recent attack on Google and others.
Organizations can evaluate the following McAfee technologies at no cost:
Also, McAfee Foundstone® has consultants who are available for forensic investigations. Complete the “911 Contact Form” on the Foundstone Web site for help.
McAfee will continue to provide updates on the attack that hit Google and other cyberattacks on its Web site and blog.
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee is committed to relentlessly tackling the world's toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com
McAfee and/or other noted McAfee related products are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied.