January 17th, 2010, 09:32 AM
Attack code used to hack Google now public
The dangerous Internet Explorer attack code used in last month's attack on Google's corporate networks is now public.
The code was submitted for analysis Thursday on the Wepawet malware analysis Web site, making it publicly available. By Friday, it had been included in at least one publicly available hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee.
The attack is very reliable on Internet Explorer 6 running on Windows XP, and it could possibly be modified to work on more recent versions of the browser, Marcus said. "The game really changes now that it's hosted publicly," he said.
A hacker could use the code to run unauthorized software on a victim's computer by tricking them into viewing a maliciously crafted Web page.
That's apparently what happened at Google late last year, when hackers were able to get into the company's internal systems. According to people familiar with the incident, 33 other companies were also targeted by the attack, including Adobe Systems.
Full story: Computerworld