The code used by China-based hackers in cyber attacks against Google and at least 20 other companies has been published on the internet.
Code that exploits the yet-to-be-patched Microsoft Internet Explorer vulnerability has appeared on at least one website, according to researchers at security firm McAfee.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Microsoft published an advisory and a blog post about the vulnerability after it was identified by McAfee researchers investigating the attacks.
The public release of the exploit code increases the possibility of widespread attacks using the IE vulnerability, said McAfee chief technology officer George Kurtz in a blog post.
"The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems," he said.
According to McAfee, the attack is especially deadly on older systems running Window XP and IE 6, although versions 7 and 8 are also vulnerable.
This is the largest and most sophisticated cyber attack in years targeted at specific corporations, said Kurtz.
"What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property," he said.
The attacks prove these threats are no longer the stuff of science fiction, and should be taken seriously by the public and private sectors alike, according to security advisors.
Hopefully, the attacks will prompt organisations to review their security and perhaps even discover breaches that have remained hidden for some time, said Tony Dyhouse, director of the cyber security programme, Digital Systems Knowledge Transfer Network.
"The problem is organisations are often unaware they have been infiltrated and do not take seriously threats they cannot see," he said.