News

McAfee fingers Internet Explorer in Google China hack

Blame for the China-based cyber attack on Google, Adobe and at least 20 other companies has shifted from Adobe's Reader software to Microsoft's Internet Explorer web browser.

Researchers at McAfee Labs analysed several pieces of malicious code that were used in attempts to penetrate several of the targeted organisations.

"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," said McAfee chief technology officer George Kurtz in a blog post.

"We informed Microsoft about this vulnerability and Microsoft published an advisory and a blog post on the matter," he said.

Kurtz said although targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios, contrary to some reports, McAfee had found no evidence of a vulnerability in Adobe Reader being a factor in these attacks.

According to Microsoft, the IE vulnerability exists as an invalid pointer reference which can be exploited to allow remote code to be executed.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system, said Kurtz.

"The attacker can now identify high-value targets and start to siphon off valuable data from the company," he said.

McAfee said IE is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7, but attacks have so far been focused on Internet Explorer 6

Microsoft has said Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.

The attacks uncovered by Google are the latest evidence of pervasive and sophisticated cyber espionage being carried out from China. Chinese officials deny state involvement.

Google has threatened to withdraw from China if it is unable to win government approval to continue running its search engine operations without censoring results.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy