"The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learned who their friends were," the Financial Times reported. "The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent."
The attackers used a popular instant-messaging program to distribute the malware link to target employees, George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. The malware exploited a hole in Internet Explorer that Microsoft patched just last week.
For more on this story, read "Report: Attackers sent Google workers IMs from 'friends'" on CNET News.