Ahmed Mahdy

Developers & IT Pros Blogs

Microsoft admits IE vulnerability used in Google attack

Based on its investigations, Microsoft has admitted that Internet Explorer was one of the vectors used in the recent targeted attacks against Google.

In a company blog posting, Mike Reavey, Director of the Microsoft Security Response Center, admits: "based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks."

Microsoft has issued further guidance to companies in order to mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer.

Google said that in mid-December it, along with a number of other large companies in the Internet, finance, technology, media and chemical sectors, was targeted in a sophisticated cyber-attack. This attack on its infrastructure originated in China and resulted in the theft of intellectual property. Due to this attack, and the background behind it, Google is now taking a second look at its operations in China, particularly Google.cn, where it currently offers censored search results as part of an agreement with China's government. Google took the big step of informing the government of China that it is no longer willing to provide censored results, and will be entering into discussions regarding how it can do this without breaking Chinese law. Should Google find itself unable to reach an agreement, it may shut down Google.cn and close its offices in China.

Yahoo supported Google's announcements and said it would stand by the company. "We stand aligned that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as Internet pioneers must all oppose," said a Yahoo representative earlier this week.

China responded to Google's claims in a brief statement yesterday, stating "The Chinese government administers the Internet according to law and we have explicit stipulations over what content can be spread on the Internet." iDefense researchers at Verisign were able to trace the source of the control servers that distributed the malware which gained access to private customer and corporate Google data. Verisign's initial findings suggest the source of the servers consisted either of agents of the Chinese state or proxies thereof.

Posted: Jan 15 2010, 10:37 by Ahmed Mahdy

Review: Microsoft Security Essentials “MSE”

In a previous article, I previewed the newest Microsoft antivirus, anti-malware and anti-spyware software, Microsoft Security Essentials “MSE”, codenamed Morro.

In this article, I’m going to cover a real-time test of the new antivirus software against several types of malware, including trojans, viruses, backdoors and worms.

I inserted an infected USB stick into my Windows 7 machine with MSE installed. Once it was inserted and identified by Windows 7, the MSE tray icon displayed a popup window alerting me that MSE had detected 1 potential threat and suspended it, as shown in Figure 1.

Figure 1

I clicked the Show details link to retrieve some information about this threat, and I got a small window showing the detected threat’s name, alert level, recommended action (Remove, Quarantine, or Allow) and current status, as shown in Figures 2 and 3.

Figure 2

Figure 3

By clicking the Show Details >> button, you can get further details about the detected threat: its category, description, recommendations and the affected items with their file locations, as in Figure 4.

Figure 4

When the removal action is applied, a progress bar shows the progress. File removal takes longer than expected.

By now, MSE had resolved the automatically detected threats. However, the USB stick contained another set of threats that MSE couldn’t automatically detect through its protection mode. I had to run a manual scan of the drive.

Overall, MSE is a perfect solution for Microsoft Windows desktop “XP, Vista and 7” users, blocking the way for all the antivirus software giants with the free license of the new product. Actually, I had been waiting for this step for a very long time, wishing that Microsoft would get a powerful antivirus, since OneCare, for which I was a Perpetual Beta Tester, was not as powerful as the famous antivirus systems on the market, plus its license was $49.5 USD, which was a waste of investment.

I expect Microsoft Security Essentials to replace Windows Defender in the RTM release of Windows 7. Anyway, we are looking forward to the final release of MSE as a separate product no later than September 2009.

Posted: Jun 22 2009, 03:00 by Ahmed Mahdy

Preview: Microsoft Security Essentials “MSE” Codenamed Morro

3 years after launching the first beta of its first antivirus software following the purchase of Giant security systems, “OneCare”, which was part of the Microsoft Live platform, Microsoft announced its first freeware antivirus, codenamed “Morro”, whose name was soon officially changed to Microsoft Security Essentials, or “MSE”.

Morro or MSE will provide protection from viruses, spyware, rootkits, and trojans for Windows XP, Windows Vista and the upcoming Windows 7 as well. A limited beta will begin on June 23 for the first 75,000 testers from certain countries. The final release is expected no later than September.

MSE will be based on OneCare's technologies, essentially making it OneCare without the management features and other non-anti-malware functionality, albeit greatly streamlined and simplified. In addition, MSE has been optimized to run efficiently on low-end hardware, such as a Celeron-based UMPC with 1GB of RAM.

MSE was leaked several days before the release of its beta version. Actually, I couldn’t wait until an official build was released. I’ve downloaded the x64 edition for Windows 7.

It was amazing that the engine size is just 3.5 MB! Installation looks like a Microsoft Windows update, as with Windows Defender. Hence, you can consider MSE a subsystem update integrated into Windows, which will prevent malware from stopping the MSE service or installer, since it’ll work within the kernel “Protected” mode of the system kernel “MinWin”.

After installation, MSE asks for an update while deactivating all services and options until the update process is completed. An Internet connection must be present to perform the update. An offline update process is currently not available for computers without an Internet connection. I hope that Microsoft releases weekly or biweekly virus definition updates for offline computers.

MSE is lightweight on the system and very fast, like Windows Defender. I’ll follow up in a later article with MSE under test, scanning a variety of malware.

MSE is a big strike against antivirus, anti-spam and anti-malware manufacturers, and a big surprise and gift for hundreds of millions of Microsoft Windows users.

Posted: Jun 20 2009, 14:30 by Ahmed Mahdy