Code Used To Attack Google Now Public

itwbennett writes "The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."

Re:It doesn't matter which browser.

[dotwhynot]

It doesn't matter which browser you're using ...

If you're logged in as Administrator or a user with administrative user rights/access, while surfing the web, checking your email, etc. --> you're vulnerable.

I don't disagree with it being better not running as admin, but a lot of malware will live quite happily in your userspace. And if a user privileged account is compromised there are privilege escalation exploits to get admin level, for fx rootkit if that is what they are after. MS is on to something with the IE8 protected mode sandbox in Vista/W7, running with lover privileges than even normal user. But it's just one part of this puzzle.

Re:This is shocking!

This is exactly the reaason having kids, family, lights and such other things is EVIL.
Having them forces people to do evil things just to mantain them.

Re:Internet Explorer 6 is older than the Euro

[Grygus]

To be fair, the case we make for IE8/FF3/Win 7/whatever is the same spiel we gave them to get them to switch to IE6/FF2/Win 98. It's a never-ending treadmill, it's not surprising that they'd see the entire enterprise as a bottomless money pit and want to get off at some point.