Google hack attack code hits the web

Hackers have already been exploiting the unpatched flaw in IE

The code used in the recent Google hack to exploit a vulnerability in Microsoft's Internet Explorer browser has been published on the internet, raising the possibility of more attacks.

McAfee chief technology officer George Kurtz explained in a blog post that researchers for the firm have seen references to the code on mailing lists, and that it has been published on at least one web site.

An attacker could use the flaw to gain control over a user's system by tricking them into visiting a rigged web page, he said.

"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," warned Kurtz.

"The now public computer code may help cyber criminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit. This attack is especially deadly on older systems running XP and Internet Explorer 6."

Microsoft issued a security advisory on Thursday admitting that Internet Explorer could be used to allow remote code execution, and said it may release an out-of-cycle patch for the flaw.

"At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if the situation changes," noted the advisory.

The flaw has been taken very seriously by organisations across the globe. The German government is recommending its citizens use an alternative browser to IE until the vulnerability is patched.