January 19, 2010

Google Hack Leaked to Internet; Security Experts Urge Vigilance!

The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed.

The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.

On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.

Gregg [Michael Gregg, head of *Superior Solutions Inc*] calls it “spearphishing.” “They target the user with an e-mail that would appeal to them, one that leads to a site that launches malicious code onto your system.” And the IE 6 exploit makes it particularly easy to slip that code on your computer.

Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is — don’t click on it.

Read full story here.