Code Used To Attack Google Now Public

itwbennett writes "The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."

Re:It doesn't matter which browser.

[dotwhynot]

It doesn't matter which browser you're using ...

If you're logged in as Administrator or a user with administrative user rights/access, while surfing the web, checking your email, etc. --> you're vulnerable.

I don't disagree with it being better not running as admin, but a lot of malware will live quite happily in your userspace. And if a user privileged account is compromised there are privilege escalation exploits to get admin level, for fx rootkit if that is what they are after. MS is on to something with the IE8 protected mode sandbox in Vista/W7, running with lover privileges than even normal user. But it's just one part of this puzzle.