Servers used in Google attacks tied to Peng Yong, Dyn Inc.

Steve Ragan, security editor at The Tech Herald, has conducted an extensive examination of how Google and dozens of other tech, financial and media corporations got breached via the latest Windows Internet Explorer flaw. Ragan discusses his findings in a lengthy blog post that reads like Sherlock Holmes in the early stages of connecting the dots for a befuddled Mr. Watson, in this case played collectively by the global community of security researchers.

Working with private security analyst Michael Felch, Ragan turns up evidence tying a few of the servers used to deliver malware in what’s being referred to as Operation Aurora to a couple of intriguing peripheral characters. The first is a controversial Chinese techie named Peng Yong, and the second is a New Hampshire-based hosting company, Dyn Inc. There the trail runs cold, for the moment.

Ragan’s bottom line: there’s more circumstantial evidence pointing to a conventional attack by profit-minded data thieves than to a Chinese-government-backed operation, a notion LastWatchdog examined last week in this post.

Ragan raises a great point about why the global community of researchers, including the crack teams at Microsoft and McAfee, in this case, cannot seem to sustain an advanced level of cooperation that would be the surest way to mitigate cybercrime and cyber espionage.

It is odd that the detailed data available on the malware and overall Aurora incident is scattered and made available thanks mostly to the efforts of independent researchers. Considering all the security vendors quick to team up and fight Conficker, where is the Cabal for Aurora?

This whole incident would be a great source of information for organizations to learn about threats to intellectual property, incident response, risk management, and so on. Yet the information blackout leaves business leaders in the dark, and the political war being waged in the press between China and the U.S. does nothing but spread confusion and offer little technical value.

Meanwhile, users of pirated copies of Windows take heed: you should stay current on all Microsoft security patches just like everybody else.

Microsoft has long had a policy of giving Windows pirates a free pass to download security patches. Yet many of the tens of millions of Windows pirates worldwide may not be aware of this policy, nor trust that Microsoft won’t try to somehow penalize them, says Charles Wisniewski, security analyst at Sophos.

“I preach that users should trust Redmond for their word on this one, and that infected pirated copies of Windows are not doing anyone any good, especially Microsoft,” says Wisniewski. “It hurts their reputation and, piracy or not, people should feel obligated to do their part for a safer Internet.”

This is especially true in the wake of the Google-China affair. Attackers used a freshly discovered security hole in Windows Internet Explorer to hack into Google and dozens of other tech, financial and media corporations. Microsoft has since issued an emergency patch. But if tens of millions of PC owners who are using pirated copies of Windows never patch, that will make it easier for attacks like Operation Aurora to proliferate, security experts say.

Microsoft spokesperson Jill Lovato supplied these written answers to Last Watchdog’s questions about Microsoft’s patch amnesty program.

LW: What percentage of Windows users worldwide are using pirated copies of Windows?

Microsoft: Our research shows that up to a third of customers worldwide may be running counterfeit copies of Windows.

LW: Can you confirm the estimate that 90% of Chinese PC owners use pirated copies of Windows?

Microsoft: We don’t provide numbers broken down by region; as our research indicates, the total number worldwide is up to one third, so piracy is clearly a serious global problem.

LW: When did Microsoft begin making security patches available to users of pirated copies of Windows?

Microsoft: We’ve always made security updates available to all customers. Making security updates more broadly available helps to prevent the spread of malware and to fight cyber crime.

LW: How do users of pirated copies of Windows go about getting security patches?

Microsoft: Customers with non-genuine copies of Windows receive updates through Windows Update or the Download Center, just like other customers.

LW: How many users of pirated copies of Windows stay current on their security patches? Is it less than 10%? Less than 5%?

Microsoft: We don’t have specific numbers to share on this topic.

LW: What assurance do Windows pirates have that Microsoft won’t try to somehow penalize them when they download security patches?

Microsoft: We like to work with customers who have non-genuine copies of Windows, and at the same time work to improve the overall health of the Internet by fighting malware. We will continue this path of constructive engagement with our customers.

By Byron Acohido