

US CERT warns Operation SnowMan hackers are unstoppable

18 Feb 2014

The US Computer Emergency Response Team (CERT) has said it is yet to find a way to fix or protect against the recently discovered Operation SnowMan hackers.

The Operation SnowMan campaign was uncovered by security firm FireEye last week, when researchers spotted hackers trying to infiltrate US military veterans' website VFW.org.

The attack leveraged vulnerabilities in the Microsoft.XMLDOM ActiveX control to break into systems and siphon data, as explained in the CERT advisory.

"Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This object contains methods that can leak information about a computer system to the operator of a website.

"By looking at error codes provided by the XMLDOM ActiveX control, an attacker can check for the presence of local drive letters, directory names, files, as well as internal network addresses or websites."

Despite the campaign being uncovered, CERT confirmed: "This vulnerability is actively being used by exploit code in the wild. We are currently unaware of a practical solution to this problem."

It is currently unclear when a patch fixing the vulnerabilities being exploited by Operation SnowMan hackers will be released, though FireEye researchers confirmed in a blog post that "Microsoft is aware and they are working on a fix ASAP".

Operation SnowMan is listed as following a similar exploit strategy to the notorious DeputyDog hack campaign. The campaign targeted public-sector organisations and companies in defence, law, IT and mining in 2013.

The campaign is one of several advanced threats discovered this year. Kaspersky's Global Research and Analysis Team (GReAT) uncovered dangerous advanced malware, codenamed Mask, earlier in February. The Mask campaign is believed to have infected 380 governments and businesses across 31 countries, including the UK.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
