It seems that Microsoft’s Internet Explorer web browser was one of the platforms exploited during the by now infamous attack on Google and a number of other companies doing business in China.
It’s certainly an interesting case, but it would be a touch unfair to say that Microsoft’s software is to blame for the attack. Indeed, it seems that Microsoft itself has been fairly quick to admit that a portion of the attacks came from IE, but even that admission points out that its browser was only one part of a complicated attack.
According to Reuters, Microsoft’s statement essentially says that a flaw in its own Internet Explorer was “one of the vectors” that was used in the Chinese attack. Microsoft’s suggestion that users turn their security settings up to their highest is, somehow, not quite as reassuring as we’d imagine the company intended it to be, but it is by no means the most interesting piece of news to have come out of the report about the attack itself.
Perhaps the single most interesting news comes from McAfee, which has been hired to research the attack. It was McAfee that uncovered some of the details of the exploitation of Internet Explorer during the hack, but there’s another revelation that’s far more interesting…
According to McAfee’s vice president of research, Dmitri Alperovitch, “We have never seen attacks of this sophistication in the commercial space… We have previously only seen them in the government space.”
Of course, it’s all speculation, but it’s certainly an interesting statement to have put out there. It’s a weird event and it looks as though it’s getting weirder the more people look into it.