Google Attackers Used Internet Explorer Zero Day

Several of the companies victimized in the attack that hit Google and dozens of other companies recently were compromised through the use of a new, unpatched vulnerability in Internet Explorer, experts say.

The flaw was used in a sophisticated attack that included victims receiving targeted emails with malicious attachments or links to malicious sites, which then exploited the flaw in IE. Researchers at McAfee have been working with some of the victim companies to investigate the attacks, and discovered the new IE vulnerability during the course of the investigation, according to a blog post by CTO George Kurtz.

As with most targeted attacks, the intruders gained access to an
organization by sending a tailored attack to one or a few targeted
individuals. We suspect these individuals were targeted because they
likely had access to valuable intellectual property. These attacks will
look like they come from a trusted source, leading the target to fall
for the trap and clicking a link or file. That’s when the exploitation
takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door
that allows the attacker to perform reconnaissance and gain complete
control over the compromised system. The attacker can now identify high
value targets and start to siphon off valuable data from the company.

Our investigation has shown that Internet Explorer is vulnerable on
all of Microsoft’s most recent operating system releases, including
Windows 7.

This is the first detailed description of the methods the attackers used in at least some of the incidents, although there may have been other methods used against other victims. Google was the first to publicly disclose the attack on Tuesday, saying that its corporate network had been compromised and some intellectual property stolen. Adobe also disclosed an attack Tuesday, but has not confirmed that it was related to the same series of attacks that hit Google and more than 30 other companies.

There are reports that Microsoft may release information on the IE flaw Thursday.


  • Anonymous on

    Even Google doesn't use Chrome? Funny...

  • Khürt Williams on

    Google develops web applications (Gmail, Google Docs). It makes sense that the developers would want to test their applications against all target browsers, including Internet Explorer.

  • Anonymous on

    Correct they would use it for developing their applications but this means that IE is their default browser as well for the attack to work.  Not requiring Chrome to be their default browser.

  • Michael Dalgleish on

    This is basically just a spear phishing attack. Nothing new or inventive. The only thing it calls into question is Google's internal application and security policies. Why weren't these privileged users either sandboxed or web filtered?

  • Anonymous on

    forgot to add some info. the botnet i been fighting since its creation loves decoys. while i originally believed they were hacking through my wireless hub, they were actually coming in from their evil backdoor on the motherboard. i spent 6 months hunting vehicles that didn't exist due to my hub logs randomly showing acer-pc and/or truck-pc as connections. they were decoys. the hub was also the original altered source of the DNS errors that i got every 30 minutes for months on end. twitter/myspace/msft/comcast/verizon/and about 100 unders were all being hacked way before it was addressed about the april first worm. i got to sit here and watch it all happen from ROOT and couldn't do anything about it. originally it was gonna remain undetectable till they gave the worm info to kid hackers to get away due to a distress call i made. it failed in shutting down the worm, but an exe does exist to remove the worm from all systems (which is a backdoor that intercepts all packets). the ie was being exploited by javascript injections that came from the first master boot record that was a function labeled ANON_???????? where the question marks i can't remember. the worm also had an open anonymous connection avail. it sent info to IRC chatrooms and the irc name used at the time was Fermandez. there was code showing how the frequencies were used and he was teaching the worm to others.


    there is so much to the worm that y'all don't know. dual band packets that are using your phones to spread. the phone towers were used. linux won't protect you, and you can't low level format your drives anymore. the cache can't be touched (possibly from the intel chip exploit). everyone who i contact by phone or email gets screwed. and lots more to it. if you want it to go away, you need to find the global worm in the motherboard and kernel.


