More than 20 companies including Google may have been hit by hack attacks, made possible by a flaw in Microsoft’s browser
The German government has issued a warning over the security issues surrounding Internet Explorer, following a hack attack against a number of high-profile tech companies that is thought to have originated in China.
In a statement released late last week, the German Federal Office for Security in Information Technology (BSI) attributed a series of hack attacks against Google and other US companies to a zero-day security flaw in Microsoft’s Internet Explorer browser, which the technology company has yet to fix.
Commenting on the news, Graham Cluley, security expert from anti-virus specialist Sophos, explained that the vulnerability in IE allowed for a Trojan horse attack to be initiated against the user’s PC. “The vulnerability means that a hacker could send you a message, perhaps pretending to be from a colleague or friend, and – if you clicked on a link in that email – your vulnerable installation of Internet Explorer would visit a malicious webpage infecting your Windows PC with a Trojan horse,” he stated on his blog.
According to Cluley, the Trojan horse attack could allow hackers to gain control of the user’s PC and steal confidential information. “At that point the hackers could effectively grab control of your computer, with the potential of stealing company secrets, personal information or using it to spread spam or other attacks,” he stated. “The problem is that right now Microsoft doesn’t have a patch to fix their software.”
Microsoft was approached for comment on whether it plans to issue a fix for the zero-day flaw but did not reply in time for this article. “The German government’s advice that Internet users should switch to alternative browsers is unlikely to be well received at Microsoft, and pressure is sure to grow on the company to release an “out-of-band” patch to resolve the security flaw as soon as possible,” commented Cluley.
Last week, Google announced plans to shut down its operations in China amid concerns about cyber-attacks and repeated efforts to access the Gmail accounts of Chinese activists. A Google investigation found that at least 20 other companies in a variety of sectors had been “similarly targeted,” according to a blog post from Google chief legal officer David Drummond, who is also senior vice president of corporate development at Google. “We are currently in the process of notifying those companies, and we are also working with the relevant US authorities,” he stated.
But despite the controversy around China’s involvement in the hack attack against Google, Cluley pointed out that Germany also had a history of cyber-espionage. “With all this talk about state-sponsored cyber-spying originating from China clearly spooking the German authorities, it’s perhaps a little ironic that the Germans themselves were accused of using the Internet and malware to spy on another country a couple of years ago,” he stated.