Google Attackers Used Internet Explorer Zero Day

Author: Dennis Fisher
minute read

Several of the companies victimized in the attack that hit Google and dozens of other companies recently were compromised through the use of a new, unpatched vulnerability in Internet Explorer, experts say.

Several of the companies victimized in the attack that hit Google and dozens of other companies recently were compromised through the use of a new, unpatched vulnerability in Internet Explorer, experts say.

The flaw was used in a sophisticated attack that included victims receiving targeted emails with malicious attachments or links to malicious sites, which then exploited the flaw in IE. Researchers at McAfee have been working with some of the victim companies to investigate the attacks, and discovered the new IE vulnerability during the course of the investigation, according to a blog post by CTO George Kurtz.

As with most targeted attacks, the intruders gained access to an
organization by sending a tailored attack to one or a few targeted
individuals. We suspect these individuals were targeted because they
likely had access to valuable intellectual property. These attacks will
look like they come from a trusted source, leading the target to fall
for the trap and clicking a link or file. That’s when the exploitation
takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door
that allows the attacker to perform reconnaissance and gain complete
control over the compromised system. The attacker can now identify high
value targets and start to siphon off valuable data from the company.

Our investigation has shown that Internet Explorer is vulnerable on
all of Microsoft’s most recent operating system releases, including
Windows 7.

This is the first detailed description of the methods the attackers used in at least some of the incidents, although there may have been other methods used against other victims. Google was the first to publicly disclose the attack on Tuesday, saying that its corporate network had been compromised and some intellectual property stolen. Adobe also disclosed an attack Tuesday, but has not confirmed that it was related to the same series of attacks that hit Google and more than 30 other companies.

There are reports that Microsoft may release information on the IE flaw Thursday.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.