Google - China attack episode: Is Microsoft to blame?

15 January 2010

A complex attack on the Google Gmail accounts of human rights activists – apparently from hackers based in China – has now been indirectly blamed on Microsoft, after McAfee Labs announced last night that the attacks appear to exploit a little-known vulnerability in Microsoft Internet Explorer.

The Google Gmail attacks – which were paralleled by similar attacks on Adobe and a number of other IT companies – are the result of a complex targeted attack by hackers in China that stems from a new and little-known vulnerability in the Microsoft web browser.

In his analysis of the saga, George Kurtz, McAfee's chief technology officer, said that, in its investigation, the company discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer.

"We informed Microsoft about this vulnerability and Microsoft published an advisory and a blog post on the matter," he said in his own blog posting.

Kurtz went on to say that, although targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios, contrary to some reports, McAfee had found no evidence of a vulnerability in Adobe Reader being a factor in these attacks.

The Internet Explorer vulnerability is said to exist as an invalid pointer reference that can be exploited by hackers to allow remote code to be executed.

According to Kurtz, once the malware is downloaded and installed, it opens an executable back door that allows the hacker to scan the available ports and gain control over the compromised IT system. "The attacker can now identify high-value targets and start to siphon off valuable data from the company," he explained.

Unconfirmed reports suggest that all versions of Internet Explorer from 5.0 onwards are vulnerable to the flaw, although newswire reports this morning said the main focus of the attacks was on Internet Explorer 6.

As widely reported in the media, the attacks – which were publicised by Google – originate from highly organised cyber espionage sources in China, although the Chinese government has denied any involvement.

Owing to this latest rash of attacks and what it claims is increasing pressure to ramp up its search engine filtering, Google has said it will now remove its filtering in China, as well as pull out of the country, unless the censorship pressures are removed.

Google's threat to withdraw from China has gained support from several sources, including Neelie Kroes, the woman set to become the European Union's top internet official. "We have to have freedom of speech, we have to have the possibility to put things on the 'Net," she told EU legal officials and reporters at a briefing yesterday.

Kroes said that the allegations against China, if proven, were "particularly worrying as targeting of human rights activists in China and elsewhere" violated fundamental rights such as the freedom of opinion.

Infosecurity notes that Kroes is the EU's antitrust commissioner and is widely tipped to switch to her new post next month if she receives the backing of the European Parliament later this month.

Business internet service vendor Entanet, meanwhile, is also supporting Google in what is developing into a war of words, with Neil Watson, the ISP's head of operations, saying that Google's withdrawal from China would be welcomed by human rights advocates throughout the world who have long campaigned for an end to the Chinese government's censorship of the internet and free speech.

"We believe that it is about time large powerful corporations such as Google (who admittedly have less dominance in the Chinese market than elsewhere in the world) stood up to the Chinese government and either withdrew their business completely or at least pro-actively challenged their censorship regulations," he said.

Data security specialist Imperva also supports Google's planned Chinese pullout, with the firm's chief technology officer, Amichai Shulman, saying that the Chinese hackers tried to gain access to Google internal databases to pull passwords.

"We can presume that Google determined that the attackers were after civil rights activists from queries that the hackers tried to run on the databases containing the activists' user names," he said. "Google probably discovered the issue through audit trails when they examined the infiltrated databases," he added.
