Jake Widman
Friday, 15 January 2010 23:19
The China-based cyberassault on Google and other companies used a previously unknown Internet Explorer vulnerability as one attack vector. Microsoft has issued a Security Advisory.
Earlier this week, Google revealed that it, along with up to three dozen other companies, had been the target of a cyberattack over the December holidays. The attack, which originated in China, included attempts to get at the Gmail accounts of Chinese activists and also to retrieve source code from the targeted companies.
The attackers relied on social engineering to send maliciously formed files to specific individuals in the companies, disguising the files so they would appear to come from trusted sources.
According to a post on the McAfee Security Insights Blog, one of the pieces of malware thus distributed used a previously unknown vulnerability in Microsoft Internet Explorer to open a "back door" that allowed the attacker to gain control of the infected system.
While McAfee has only seen such attacks use Internet Explorer 6, the vulnerability is present in other versions as well. A related Microsoft Security Advisory reads, "Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected."
The Advisory as well as a post on the Microsoft Security Response Center blog detail actions customers can take to minimize their exposure to this vulnerability.
The McAfee post warns, however, that the IE exploit may not have been the only attack vector: "Many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time."
The post does say, on the other hand, that McAfee has not found that the attacks exploited a vulnerability in Adobe Reader, contrary to reports from other security sources.