"Exploit code for the zero-day hole in Internet Explorer linked to the China-based attacks on Google and other companies has been released on the Internet, Microsoft and McAfee warned on Friday.
"Meanwhile, the German federal security agency issued a statement on Friday urging its citizens to use an alternative browser to IE until a patch arrives.
" 'We still only see limited targeted attacks affecting Internet Explorer 6,' Jerry Bryant, senior security program manager lead at the Microsoft Security Response Center, said in a statement. 'While newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult.'
"McAfee researchers have seen references to the code on mailing lists and confirmed that it has been published on at least one Web site, the company's Chief Technology Officer George Kurtz wrote in his blog. 'The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week,' he said.
" 'The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability,' Kurtz wrote. 'The now-public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit.' Microsoft issued a warning on Thursday about the new hole and said it was working on a patch. The vulnerability affects IE 6, 7 and 8 on all the modern versions of Windows, including Windows 7, according to Microsoft's advisory. Microsoft said IE 6 was the browser version being used on the computers that were targeted in the attacks. Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said the attacks originated in China. Human rights activists who use Gmail also were targeted, Google said.
"The company said it discovered the attacks in mid-December and while it did not specifically implicate the Chinese government, it says that as a result of the incidents, it may withdraw from doing business in China. Sources familiar with the attack code say the attacks are similar to previous attacks on U.S. corporations that were linked to the Chinese government or proxies operating for the government. Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.
"McAfee says references in the IE-related attack code it analyzed indicate that the attackers called the operation 'Aurora' and that the attack was extremely sophisticated" (http://news.cnet.com/8301-27080_3-10436083-245.html, accessed 01-16-2010).