Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Google Aurora Hackers Back in Business

According to the security firm Symantec, the Chinese hackers who targeted Google in a scam called "Operation Aurora" are back in action once again. The scam caused a great tiff between the Chinese government and Google.

New indications of the same hackers have appeared who compromised Google's source code and jeopardized Chinese human rights activists, using an Adobe zero-day flaw in PDFs known as Adobe Reader 'CoolType.dll' TTF Font Remote Code Execution Vulnerability.

This kind of attack signifies that any user who downloads the exploited PDF file will locate a downloader DLL in their Temp folder, which will then download extra malware. Consequently, it efficiently evades the need to run an executable file, making it a more dangerous threat, as most of the people are wary of .exe files, and not the .pdf files.

Commenting on the issue, Karthik Selvaraj, Symantec Researcher said that the evidence found on the new series of targeted attacks shared many of the similar fingerprints as the Aurora attacks in late 2009, as reported by Threat Post on September 13, 2010. As per Symantec these two attacks are of same origin.

The security firm discovered that the recent attacks contained specially designed e-mail messages that enclosed a malicious PDF file attachment. Karthik stated that the text of the e-mail messages was quite similar to those linked with the Aurora attacks.

Furthermore, the PDFs exploited in the attack were not like others leveraging the zero day flaws that had been discovered in the wild, and all traced back to a single system in Shandong Province of China.

Furnishing some more similarities, Selvaraj said that besides, the use of a zero-day within a PDF, and how the executable was deposited on the computer all matched the Hydraq technique of operation, as reported by ComputerWorld on September 14, 2010. Symantec, in January, assigned the name "Hydraq" to the Trojan horse dropped on systems hacked by the Aurora attacks.

Though these similarities could be just a matter of chance, Selvaraj said that it seems as if these attacks originated from the same executors, as reported by The New Internet on September 14, 2010.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 9/27/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next