Printed from http://www.electronista.com

US Radiation health site involved in Chinese 'watering hole' attack

updated 10:58 am EDT, Sat May 4, 2013

Attack targeted nuclear weapons workers accessing health information

A US Department of Labor website tailored for nuclear weapons researchers has been compromised, redirecting visitors to a series of alternative websites. If the accessor was using Windows XP and Internet Explorer 8, the culmination of the attack inserted the "Poison Ivy" malware onto the computer, giving access to the user's data by "DeepPanda", a group of hackers believed to be located in China.

Microsoft has confirmed the code execution flaw in Internet Explorer 8. The ultimate fix for the issue is migration to a newer version of the browser, all that have fixes for the flaw. If an upgrade isn't possible, Microsoft advises users to set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones, and to configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. Both settings would require "white listing" trusted sites.

"For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high" said researchers from security firm Invincea in an initial report on Wednesday.

The webpages that were affected provided information on illnesses suffered by personnel developing atomic weapons, making it a likely target for a "watering hole" attack. The websites have since been repaired, and law enforcement is looking into the matter.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News