China Attackers Exploited Internet Explorer
- 3 Comment
Chinese attackers who mounted attacks on Google were able to do so by exploiting vulnerabilities in Microsoft’s browser, Internet Explorer, according to new info from McAfee. Microsoft was supposed to release an advisory about the Internet Explorer hole but has not done so yet.
The security flaw involves Internet Explorer’s handling of JavaScript. The malware involved opens a “back door” that allows the attacker to enter and control the entire compromised system. The attackers targeted only a few specific individuals. Internet Explorer is vulnerable to this attack on all recent Microsoft operating systems, including Windows 7.
Initially security researchers thought that a vulnerability in Adobe Reader was the problem. Adobe denied this, and it turns out they were right–their software appears to have no security issues associated with this recent attack.
Google released information about the attacks on Tuesday. They were not the only US company to be attacked: Adobe, Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical were also targeted.
Via CNET, image via Microsoft.
[...] despite its many flaws and the plethora of better alternative browsers available for download. The recent attack on Google in China, however, has truly shown that it is time to stop using IE and switch to a [...]
[...] new threat is not the same as the one used against Google in China. This malware replaces the code of “MessageBeep API” so that Internet Explorer cannot play a [...]
[...] with Microsoft’s Internet Explorer 6. After all, it was a vulnerability in IE6 that allowed Chinese hackers to mount an attack against Google and target Chinese human rights activists’ Gmail accounts. [...]