McAfee, the big security software maker, has been investigating the China-based cyberattacks that prompted Google to threaten to pull out of China altogether. ... In a blog post on Thursday afternoon, McAfee said that after examining the malicious software code used in the attacks, it believes a vulnerability in Microsoft’s Internet Explorer browser was an important pathway for the attacks, which were directed at Google and more than 30 other companies:
These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.
Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.