All the latest UK technology news, reviews and analysis
|
|
|
12 Mar 2011
Google has warned that it has discovered highly targeted and apparently politically motivated attacks launched against some of its users.
In a blog post reminiscent of the revelation in January 2010 that it was being hacked by attackers in China, Google's Security Team said that activists may have been the specific target in these attacks.
"We've noticed some highly targeted and apparently politically motivated attacks against our users," the post read.
"We've also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML [MIME HTML] vulnerability for which an exploit was publicly posted in January 2011."
The vulnerability in question involves the way Windows manages web pages featuring content formatted in the MIME internet standard.
At the time of its discovery, Microsoft said that an attacker could exploit the vulnerability by convincing the user to click on a link to a page containing a malicious script that targets the MHTML component.
Once exploited, the vulnerability could give an attacker access to the user's browser, potentially allowing the harvesting of personal information or cross-site scripting and spoofing attacks.
Although Microsoft has yet to come up with a patch to the flaw, it has issued a temporary Fixit to block the attack which the Google team recommended concerned users and corporations download now.
"To help protect users of our services, we have deployed various server-side defences to make the MHTML vulnerability harder to exploit," the team wrote.
"That said, these are not tenable long-term solutions, and we can't guarantee them to be 100% reliable or comprehensive. We're working with Microsoft to develop a comprehensive solution for this issue."
Google also warned that the attacks represent a more sophisticated level of skill among hackers in exploiting web vulnerabilities.
"To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services," the firm said.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Development Manager / PHP Developer / MySQL / LAMP...
Process Expert for Information/Content Management...
SQL Server / SSIS / ETL / T-SQL Data Migration A...
Linux Systems Administrator / Linux CentOS / Network...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?