Google hack speculation debunked

Microsoft says a flaw in Internet Explorer was one of the vectors used in the attack on Google

OK, I put my hands up - I got it wrong.

In an article I wrote for TechRadar yesterday I speculated that a vulnerability in Adobe's PDF reading software could be to blame for the targeted attacks against Google, Adobe, and other unnamed companies.

New information coming from Microsoft and Adobe, however, casts doubt on this. It now appears that a previously unknown vulnerability in many versions of Internet Explorer could not only have been exploited by the hackers trying to break into Google and other firms, but could also pose a risk to millions of Internet Explorer users worldwide.

Microsoft has released a security advisory about the vulnerability, for which there is currently no patch available. Security vendor McAfee has blogged more about the investigation into the hack, dubbing it Operation "Aurora" after strings contained inside some of the malicious code.

System administrators and computer owners around the world will be holding their breath that an official patch from Microsoft arrives sooner rather than later - it would be unfortunate if an "out-of-band" patch cannot be produced before Microsoft's next scheduled patch update on 9 February.

In the meantime, Microsoft is recommending that Internet Explorer users use Data Execution Prevention (DEP) - a technology that is enabled in Internet Explorer by default but needs to be turned on in earlier versions.

Read more about the mitigation advice and workarounds from Microsoft, which can reportedly help block attack vectors, until an official patch is available.

To reiterate - researchers investigating the Google/Adobe hack say that they have found no evidence so far of the attack exploiting vulnerabilities in Adobe's software. Indeed, a blog post from Adobe has debunked yesterday's speculation.

Although the Internet Explorer security hole has been named in relation to the high-profile hacking case, it seems extremely likely that the hackers also used other tricks to infect systems.


Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning blog on the Sophos website you can find him on Twitter at @gcluley.