The code was submitted for analysis Thursday on the Wepawet malware analysis Web site, making it publicly available. By Friday, it had been included in at least one publicly available hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee.
The attack is very reliable on Internet Explorer 6 running on Windows XP, and it could possibly be modified to work on more recent versions of the browser, Marcus said. "The game really changes now that it's hosted publicly," he said.
A hacker could use the code to run unauthorized software on a victim's computer by tricking them into viewing a maliciously crafted Web page.
IE exploit code used in Google attack is now public
Posted on Sunday, January 17 2010 @ 21:16 CET by Thomas De Maesschalck
ITWorld reports the attack code that was used in the hack on Google's corporate networks (and at least 33 other companies) is now public: