Security researchers at antivirus vendor McAfee Inc. have discovered a new Microsoft Internet Explorer zero-day flaw that they believe was used to hack into Adobe Systems Inc., Google and dozens of other technology, financial and government contracting firms.
George Kurtz, chief technology officer of McAfee, said researchers in McAfee's AvertLabs discovered the new IE zero-day vulnerability during analysis of malware samples involved in the broad attacks, which used a malicious Adobe PDF file and sophisticated social engineering tactics to trick people into opening the malicious link or file.
"Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system," Kurtz wrote. "Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7."
Chinese attacks target Google accounts, top tech firms: Up to 33 Silicon Valley tech firms, financial companies and government contractors have been breached by a sophisticated attack believed to have originated in China.
Kurtz said Microsoft has been informed. The software giant has not yet acknowledged the IE zero-day vulnerability.
On Tuesday, Google announced that it had been the victim of a series of "highly sophisticated and targeted attacks," resulting in the theft of intellectual property from its systems. In the Official Google Blog, the search engine giant said it detected the sophisticated attack in mid-December.
In a separate announcement on Monday, Adobe acknowledged a targeted attack against its corporate network systems. In a short blog entry, Adobe's Pooja Prasad said the company was investigating a "computer security incident."
"At this time, we have no evidence to indicate that any sensitive information--including customer, financial, employee or any other sensitive data--has been compromised," said Adobe's Pooja Prasad in the company's blog. "We anticipate the full investigation will take quite some time to complete. We have and will continue to use information gained from this attack to make infrastructure improvements to enhance security for Adobe, our customers and our partners."
McAfee's Kurtz said the targeted attacks involve a cocktail of zero-day vulnerabilities.
"There very well may be other attack vectors that are not known to us at this time," Kurtz said. "That said, contrary to some reports our findings to date have not shown a vulnerability in Adobe Reader being a factor in these attacks."
In an earlier analysis, VeriSign Inc. researchers confirmed the attack against Google used malicious PDF files and said there were clues linking it to a series of earlier attacks carried out in July, including similar IP addresses and the use of the same command-and-control structure.
"In both attacks, the malicious files drop a backdoor Trojan in the form of a Windows DLL," VeriSign's iDefense said in its announcement.