Chinese hackers used Microsoft browser to launch Google strike

The world's biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies - the same attack that led Google on Tuesday to announce its plan to drop the censorship of its search engine in China.

"In a specially-crafted attack... Internet Explorer can be caused to allow remote code execution," said Microsoft in its security alert.

The company added that it had not yet fixed the vulnerability in the world's most popular web browser, which is used by around two thirds of internet users.

The attacks, which apparently attempted to steal personal information on Chinese dissidents and the code that runs some of Google's critical services, also hit a number of other companies, said to include Yahoo and US defence contractor Northrop Grumman.

Microsoft confirmed the existence of the loophole after an investigation by internet security firm McAfee and information from Google and Adobe.

"As with most targeted attacks, the intruders gained access to an organisation by sending a tailored attack to one or a few targeted individuals," said George Kurtz, McAfee's chief technology officer, adding that the hackers would then use the Internet Explorer bug to infect the victim's computer.

"Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company."

The company's admission is at odds with earlier consensus - largely based on a report from security firm iDefense - that it was Adobe's own software that had been used for the attacks.