IE Flaw used by Hackers to Attack Google, Adobe, says McAfee

An Internet Explorer (IE) vulnerability was used by hackers to get past the defenses of Adobe, Google, and about 32 other companies, says security firm McAfee. Until now, the IE flaw had been unknown to security researchers, while the attack had initially been blamed on an Adobe PDF (Portable Document Format) vulnerability.

According to McAfee, hackers used a variety of tactics, including spear-phishing (email spoofing with a specific target in mind), to unleash an incredibly effective "cocktail of zero-day vulnerabilities" that exploited flaws in company systems and left backdoors installed on affected computers for executing future breaches.

IE, not Adobe, to Blame for Breaches

McAfee says the attack's success had little to do with vulnerabilities in Adobe Reader or Adobe Acrobat, but appears to have been the result of holes in Microsoft's popular web browser, Internet Explorer.

"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," McAfee CTO George Kurtz noted in a blog post yesterday. "Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7."

Microsoft Advisory Expected "Soon"

Microsoft has not yet admitted IE's role in the issue, but said it was "investigating these reports and will provide more information when it is available." Kurtz said he expected the software giant to issue an advisory on the matter "soon." (Source: computerworld.com)

The original attack took place earlier this week, originating somewhere in China. At that time, many tech pundits jumped the gun in speculating that the assault was related to PDF vulnerabilities. That now appears to have been an erroneous report.

Hacker Campaign Dubbed "Aurora"

The attack targeted a slew of companies, including Google, with the early victim count pegged at about twenty. However, as researchers have investigated the issue further, it's been found that about 34 total companies were affected.

The campaign was dubbed "Aurora" in reference to the name of the attacker's filepath discovered by researchers; security experts think this is probably the official name of the campaign as created by the hackers. (Source: theregister.co.uk)
