Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Threat Bulletin: Symantec Warns Computer Users About Major Internet Explorer Vulnerability and Offers Tips on Protectio

  • 20 January, 2010 11:23

<p>Symantec Threat Bulletin: Symantec Warns Computer Users About Major Internet Explorer Vulnerability and Offers Tips on Protection</p>
<p>Microsoft recently announced a zero-day vulnerability that affects Internet Explorer 6, 7 and 8. This vulnerability is linked to the attacks against Google, which were publicised last week. Part of the discussion has revolved around Trojan.Hydraq, which is being used to exploit the Internet Explorer zero day vulnerability. While this most recent incident has brought much attention to Hydraq, the trojan itself is not new.</p>
<p>The trojan is very much a standard backdoor trojan and is not all that sophisticated when compared to other malware currently being propagated online. Based upon the functionality of the trojan, we can safely surmise that its intent is to open a back door on a compromised computer allowing a remote attacker to monitor activity and steal information from not only the computer itself, but the larger infrastructure to which the computer is connected. For a more comprehensive description of Trojan.Hydraq’s abilities and some helpful images related to the trojan, please visit this posting on Symantec’s Security Response blog.</p>
<p>Also, if you’d like to discuss Trojan.Hydraq or the types of targeted attacks it could be used to carry out in greater depth, please let me know and I can put you in touch with a Symantec security expert.</p>
<p>Many thanks,</p>
<p>Protection For Consumers</p>
<p>What should computer users do to protect themselves now so they don’t become victims later?</p>
<p>1. Stay on top of security patches. Vulnerabilities happen all the time, regardless of the operating system or software maker. In the case of Microsoft Internet Explorer, according to Symantec’s Internet Security Threat Report, in 2008 alone, there were 47 new vulnerabilities identified in the browser. Make sure the operating system and software/applications are updated with the latest patches. While Microsoft hasn’t released a patch for this vulnerability yet, it’s likely it will in the future. Depending on the operating system, critical patches are usually pushed out to the computer automatically or users will receive a notice on their computer that updates are available. These messages should not be ignored. Updates should be downloaded as soon as possible.</p>
<p>2. Not all security software is made equal. Antivirus alone will not protect against a zero day vulnerability because antivirus software needs to know about a threat first so that a signature can be created to detect the threat. With zero day vulnerabilities, being in that situation means too little, too late. Computer users need a complete security solution with an intrusion prevention system which can detect new exploits that target vulnerabilities without signatures.</p>
<p>3. Get educated about how to stay safe online. Computer users can learn more about how to protect themselves by visiting Norton’s Every Click Matters site.</p>
<p>Enterprise Solutions and Trojan.Hydraq</p>
<p>Enterprise solutions that protect against this threat include:</p>
<p>Symantec Protection Suite</p>
<p>These attacks were targeted at the core security infrastructure of organisations. With Symantec Protection Suite, the multiple layers of
defence bolster an organisations ability to defend against attacks from various places and vectors. Having a robust defence at the gateway with Brightmail Gateway for SMTP email security, along with Web Gateway for Web traffic and usage, ensures that an organisation is able to monitor all incoming and outgoing mail and Web traffic, constantly monitoring for and stopping threats. The Protection Suite also ensures endpoints are clean with its market leading Endpoint Security product. Finally, by having access to Symantec’s Backup Exec for desktops and laptops, in the event that an endpoint is infected, running a complete re-image is quick and easy, ensuring up-time and employee productivity. Symantec’s security products are backed by our Global Intelligence Network, ensuring customers are protected and are up to date with rules and signatures.</p>
<p>Symantec Hosted Services</p>
<p>Today’s threats span multiple communication protocols and can evade signature-based detection. Symantec Hosted Services help protect
against converged threats that span email, Web, and instant messaging. Our proprietary heuristic technology for malware and spam filtering, captures and shares threat intelligence across these protocols and provides identification of previously unseen threats. All of this is managed via a single, integrated security management console that simplifies administration while increasing visibility and control.
Link to Symantec Hosted Services page:;inid=us_ghp_staticpromo_hostedservices</p>
<p>Links to trialware:</p>
<p>Hosted Email Security -</p>
<p>Hosted Web Security -</p>
<p>Hosted IM Security -</p>
<p>Total Management Suite</p>
<p>With TMS, customers benefit from the ability to gain complete visibility into their IT environment. Working under the premise that it’s difficult, if not impossible, to manage and protect what you don’t know or can’t see, customers can:</p>
<p>1. Run and maintain accurate asset inventory reports to understand what hardware and software they have in their environment (this enables customers to react quickly to threats and vulnerabilities and take the necessary steps to remediate)</p>
<p>2. Prepare for necessary migrations. In this case, Symantec would refer to a move to IE7 as an update instead of a migration.</p>
<p>3. Quickly determine which patch updates and other necessary software updates (i.e. IE7) need to occur</p>
<p>4. Automate the necessary software updates and/or patches</p>
<p>5. Generate reports to ensure successful updates or migrations</p>
<p>6. Update asset inventory reports to prepare for ongoing management.</p>
<p>Symantec Critical Systems Protection (CSP)</p>
<p>The focus of these attacks was to steal intellectual property. Symantec CSP could have played a significant role in defending this information by placing constraints around which users and applications had access to the sensitive data. Any unauthorised users or applications would have been denied access to the data and an alert would have been generated when the attempt was made. Additionally, Symantec CSP provides robust out-of-the-box protection against both known and unknown remote code execution attempts.</p>
<p>Symantec Security Information Manager (SSIM)</p>
<p>A number of these attacks were achieved using a combination of attack vectors, resulting in back door Trojans being installed. SSIM can
effectively collect and prioritise these events as they occur across the layered security solutions that need to be deployed to protect against a broad variety of these attack vectors. SSIM can further contribute global intelligence to the correlation process to include malicious IP, Worm IP and Botnet IP lists that can be manually updated to automatically conclude incidents around this particular attack. Early detection of single exploited attack vectors may provide pre-emptive visibility about attacks before they can fully execute.</p>
<p>DeepSight Early Warning Services</p>
<p>Symantec™ DeepSight™ Early Warning Services provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. On January 15 we published a journal about a new unpatched Microsoft Internet Explorer vulnerability, which was leveraged by malware identified by Symantec as Trojan.Hydraq. DeepSight Analysts continue to provide updates to this evolving threat as new information becomes available. DeepSight subscribers benefit from personalised notifications and expert analysis (including patches, countermeasures and workarounds) to better protect critical information assets against a potential attack.</p>
<p>Symantec Managed Security Services</p>
<p>Symantec MSS monitors over 800 customers (including 92 of the Fortune 500). In response to this threat, Symantec MSS updated our detection capabilities for both the targeted Trojan.Hydraq as well as exploits against the recent IE vulnerability. This monitoring includes customers’ firewalls, intrusion detection sensors (IDS), web proxies and system logs. As this threat is primarily client side, any clients with our Managed Endpoint Security service also received updates to protect their endpoints from this attack. Our SOC Analysts are also available to work with customers to take proactive steps to mitigate the IE vulnerability within their enterprise as needed.</p>
<p>Media Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>

Most Popular




Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?