According to McAfee's “Aurora” Exploit In Google Attack Now Public, the exploit code referred to should be here. Can anyone give a more detailed explanation of how it works?
I guess the full answer is being kept back, to prevent more people from performing the attack. The script that is related to this must be a way of creating the invalid pointer that is then exploited to gain access to the user's system. The script is only a part of the whole process - but the vulnerability is related to accessing a "freed object". This possibly means that the error supplied when you attempt to access the freed object contains too much information - which can then be used to attack your system.
From reading that and following a link in the comments, it seems that when the user visits the rigged page, the exploit opens a connection to the attacker's computer, giving the attacker the ability to issue commands as the user. They can list/kill processes, basically do whatever a user can do.
The malware used to initiate the "Aurora" attacks was nothing special: it's just another vulnerability in Internet Explorer which allows an attacker to take over a victim's computer. What was special about Aurora was the scale of the social engineering that they did and the sophistication of what they did next: leveraging a foothold inside these well-known companies to penetrate deeper and deeper into critical systems.
Security people have always known that this kind of thing was possible; this is just the first time that the whole world saw that the dedication required to pull it off wasn't just the stuff of conspiracy theorists.
There is a sharp answer on the page you linked:
"An attacker could gain complete control over a vulnerable system by tricking a user to visit a rigged Web page."
That's it... it just makes a redirection.
The main trouble with it is... that the code is encrypted/obfuscated, and that's why security software cannot run on it.
It's... now we come to the same stage of concurrency between malware and security software as it was with late .EXE viruses, which became polymorphic to hide from ordinary signature-based antiviruses.