It seems that early reports were wrong about the actual exploit used against Google and 33 other companies. The exploit code has appeared in the hands of many AV companies. It is an IE exploit and a zero-day.
Zero-day means that this was a previously unknown vulnerability, and as far as I can tell, there is no patch for it from MS as yet.
The second-stage malware was a script that installed a malicious DLL. This DLL, the third stage, is called Hydraq (by Symantec) and Roarur (by McAfee); it provides remote access and hides itself.
I seem to have become a prophet: the column I wrote for the December 2009 issue of ;login: focused on disabling scripting in Web browsers, and through that, email readers as well, using NoScript. The big news this week is that Google has been hacked, along with 33 other US companies (all Fortune 500), by China.
Join us in San Jose, CA, April 28–30, 2010, for the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10).
Focusing on the design principles of large-scale networked and distributed systems, the NSDI '10 program includes 29 refereed papers representing some of the outstanding work in the area, with topics including cloud services, Web browsers and servers, datacenter and wireless networks, malware, and more.