AAPL Stock: 118.03 ( -0.85 )

Printed from

US Radiation health site involved in Chinese 'watering hole' attack

updated 10:58 am EDT, Sat May 4, 2013

Attack targeted nuclear weapons workers accessing health information

A US Department of Labor website tailored for nuclear weapons researchers has been compromised, redirecting visitors to a series of alternative websites. If the accessor was using Windows XP and Internet Explorer 8, the culmination of the attack inserted the "Poison Ivy" malware onto the computer, giving access to the user's data by "DeepPanda", a group of hackers believed to be located in China.

Microsoft has confirmed the code execution flaw in Internet Explorer 8. The ultimate fix for the issue is migration to a newer version of the browser, all that have fixes for the flaw. If an upgrade isn't possible, Microsoft advises users to set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones, and to configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. Both settings would require "white listing" trusted sites.

"For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high" said researchers from security firm Invincea in an initial report on Wednesday.

The webpages that were affected provided information on illnesses suffered by personnel developing atomic weapons, making it a likely target for a "watering hole" attack. The websites have since been repaired, and law enforcement is looking into the matter.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented