The Google compromise in China story builds interest as Microsoft released an advisory and blog post on the relevant Internet Explorer browser vulnerability, crediting “details” to Google, Mandiant and others. A number of factors are unfolding a dramatic story here, with the detection of a 20-year old Stanford student’s computer targeted and attacked (it seems to be no surprise that a regional coordinator of Students for a Free Tibet would be another target), and mention of Sergey Brin’s own Russian refuge background reported “The source told the Guardian the company’s decision was largely influenced by the experiences of Sergey Brin’s Russian refugee background.”

The 0day Google hack attacked a invalid pointer reference within Internet Explorer. It seems that malicious web links were visited by Google employees, resulting in FUD spyware installations on their workstations. Over the past couple of decades, this type of vulnerability has been exploited and sometimes resulted in hugely prevalent and successful exploits on the web, such as the infamous createTextRange Internet Explorer mshtml.dll hole.

Update: Google China employees seem to have been given an early holiday, according to Tech Crunch IMers.

The trojan itself has been analyzed and described on our ThreatExpert blog here and more information from Symantec on the attacks here.

This entry was posted on Friday, January 15th, 2010 at 10:42 am and is filed under 0day, Security breach, Spyware, Targeted attack. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.