Print
Security firm McAfee said today that the recent China-based attack on Google and other companies was the result of a new security hole in Internet Explorer. McAfee says the vulnerability is not publicly known, but they have informed Microsoft and expects them to take action soon. So a Microsoft product could be the indirect cause of Google pulling out of China. This must be Microsoft’s favorite software vulnerability ever.
McAfee’s George Kurtz wrote on the companies official blog, “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer." Kurtz was also careful to point out that they have only confirmed that Internet Explorer was a vector of attack; there could have been others.
Further, McAfee says they have cleared Adobe Reader of involvement in the attacks. This comes after several reports implicated the oft exploited software suite.
Comments are closed on this article
decapitor
January 15, 2010 at 9:25am
I just had an autoplay ad video with sound start when viewing this article MaxPC. That's a pretty huge no-no if you want people to come back to your site.
AndrewEgel
January 15, 2010 at 12:43am
So its the browser's fault for allowing the infection for coming in? Not McAfee antivirus program that should be doing that?
Seriously?! Why are "we" (we being a general term for people listening to McAfee's "announcements") listening to McAfee's predictions and announcements? They make a horrible product.
Once McAfee comes out with something respectable then I will start listening.
somethingelse
January 15, 2010 at 7:55am
You obviously never used McAfee ePolicy and only used their home products, which do kind of blow. But their enterprise protection products aren't bad, better then most alternatives in the price range.
If companies like McAfee, Kaspersky and Symantec didn't make announcements about security vulnurabilities, then wtf would? I agree this announcement may not be true, it will take a couple of more days to confirm it, but at least someone is working on preventing this from happening again using the same methods these hackers used...of course it won't be long till they find another way :)
what signature, where do i sign?
Cy-Kill
January 15, 2010 at 6:07am
I don't even think any of Google's servers in run a version of Windows Server, so why is this even news, it's just as bad as when Symantec speaks!
Cy-Kill
