Internet Explorer flaw led to Google China attacks
By Reuters
Posted on 15 Jan 2010 at 07:14
Recent sophisticated cyber attacks on Google and other businesses exploited a previously unknown flaw in Internet Explorer.
The vulnerability in the world's most widely used browser was identified by security company McAfee, and later confirmed by Microsoft.
Google claims that in mid-December it detected an attack on its corporate infrastructure originating from China that resulted in the theft of its intellectual property. It eventually found that more than 20 other companies had been infiltrated.
McAfee says that those who engineered the attacks tricked employees of the companies into clicking on a link to a website that secretly downloaded sophisticated malicious software onto their PCs through a campaign that the hackers apparently dubbed Operation Aurora.
"We have never seen attacks of this sophistication in the commercial space," says Dmitri Alperovitch, a vice president of research with McAfee. "We have previously only seen them in the government space."
Microsoft later confirmed the flaw, and sent out an advisory to users to help mitigate the problem. It is still working on a patch that will solve it. "The company has determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and other corporate networks," a Microsoft spokesperson says.
Microsoft says using Internet Explorer in "protected mode" with security settings at "high" would limit the impact of the vulnerability. "We need to take all cyber attacks, not just this one, seriously," Microsoft Chief Executive Steve Ballmer said in an interview on CNBC. "We have a whole team of people that responds in very real time to any report that it may have something to do with our software, which we don't know yet," Ballmer added, before the company confirmed IE was at fault.
Hijacked PCs
The programs allowed the hackers to take control of the PCs without the knowledge of their users, according to McAfee, which has been researching the matter on behalf of several companies involved in the attacks since late last week. McAfee's Alperovitch declined to say which companies had hired the security firm, saying they had signed confidentiality agreements.
So far the only other victim to come forward is design software maker Adobe, which has said that it is still investigating the matter.
Some researchers have speculated that the attackers may have exploited flaws in Adobe's Acrobat software and its widely used Reader program for opening PDF documents. McAfee's researchers say that they found no evidence to support that claim. Still, they say that the hackers may have used other types of malicious software to break into Google and the other companies.
Internet Explorer is vulnerable on all recent versions of Windows, including Windows 7, according to McAfee. Microsoft claims attacks were limited to Internet Explorer 6.
Stop Using IE.
Hackers will then target the next big browser. Is there any way to beat the hackers? Probably not, except for using a high security setting on any, if not all, of your browsers.
By nicomo on 15 Jan 2010
Hang on
So are Google saying they use IE rather than Chrome?
By JStairmand on 15 Jan 2010
Google and Adobe IT wizards using IE6??? Lost for words...
By Josefov on 15 Jan 2010
@Josefov
Er..how do you suggest they check for IE6 compatibility?
It doesn't mean they use it as their main browser.
By rjp2000 on 15 Jan 2010
No Surprise over google using IE
Of course google were using IE.
Probably still waiting for their IT department to OK the upgrade to IE5 and Windows '98.
By darkhairedlord on 15 Jan 2010
