A new security threat on the rise

By Adrian Hollier, Comztek Channel Manager

Numerous predictions were made at the beginning of the year about what we can expect to dominate the headlines in the IT industry in 2010, from cloud computing finally becoming a mainstream technology to the enforcement of harsher green IT regulations. It was all covered in the top CTOs’ Nostradamus renditions. However, not one of these foresaw the rise of a virus that would threaten to sever ties between Google, the world’s top Internet search engine, and China, the world’s top Internet-using nation.

This happened in January, when Google reported that a number of its clients’ accounts were targeted by a hacker believed to be of Chinese origin. The virus/malware used in the attack was Hydraq.

What is Hydraq?
Hydraq is a targeted attack that is sometimes referred to as Aurora or Google Attacks. It installs itself on a user's computer or an organisation's server. It can then be used to search an organisation for private information. Hydraq can capture and forward all information from an infected computer, including a live feed of windows on a screen and all information typed on the keyboard. The Hydraq attack and other similar types of attack are often called advanced persistent threats because of the sophistication and persistence of the attacks within a business.

How does it end up on your computer or server?
The Hydraq attack is launched in two ways:

Typically an email is sent to an individual or small group of individuals within an organisation. The email is very detailed and all efforts are made to make it look legitimate – as if it was sent by somebody the recipient trusts. The subject matter will often be related to the recipient's area of business. In order to install the malware, the user is tricked into either clicking a malicious link or opening an attachment. Both methods then exploit a vulnerability to install the trojan onto the machine.

Who is targeted?
Small businesses, IT professionals and C-level managers within large organisations are the main targets of Hydraq attacks. Attacks are also targeted at anyone who is likely to have access to high-level, privileged information.

Staying safe
Users at all levels are encouraged to follow best practices in general and specifically to update to the latest patches available for Adobe Acrobat, Adobe Reader, and Adobe Flash Player. At this time a patch is not available for the Internet Explorer vulnerability but an IPS signature has been released by leading vendors, such as Symantec, which blocks exploitation of this vulnerability.

A multi-layered security approach consisting of antivirus and antispyware, firewalls and encryption is always a must-have and is a user’s first line of defense against all kinds of security threats.
