Microsoft investigates zero-day attack on veterans website

The Website of Veterans of Foreign Wars came under attack this week. 

|
VFW.org
The Website of the Veterans of Foreign Wars was apparently the target of a zero-day cyber attack.

Microsoft says it is investigating a series of zero-day attacks that apparently exploited a flaw in a recent version of the Internet Explorer browser. 

The attacks were first spotted by the security firm FireEye, which identified the target as VFW.org, the homepage of the Veterans of Foreign Wars. "We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the US Capitol in the days leading up to the Presidents Day holiday weekend," reps for FireEye wrote on the company blog. 

FireEye believes that hackers used a vulnerability in Internet Explorer 10 to "silently redirect" visitors from VFW.org to a shadow site, in the process infecting thousands of computers with spyware. (You can find a more thorough explanation of the zero-day attack here, courtesy of the FireEye team, but unless you're a computer professional, you'll want to have easy access to a dictionary of technical terms.)

The VFW has not issued an official statement on the attacks, but Microsoft says it is "aware of [the] targeted attacks." 

"We are investigating and we will take appropriate actions to help protect customers," the company said in a statement. 

But that may not be the end of the threat. In an interview with Computerworld, Darien Kindlund, manager of threat intelligence for FireEye, said the perpetrators of the attack – dubbed "Operation SnowMan" by FireEye – were committed and likely "fairly sophisticated." 

"Once this operation subsides, they'll probably restart again," Mr. Kindlund said. "It still seems they're achieving mission success based on the slight tweaks they've done to their attack methodology."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Microsoft investigates zero-day attack on veterans website
Read this article in
https://www.csmonitor.com/Technology/2014/0214/Microsoft-investigates-zero-day-attack-on-veterans-website
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe