Researchers clash over possible return of Google attackers
Is the group behind the Google hack responsible for a new round of 'scary' PDF attacks?
Computerworld - Researchers on Monday clashed over whether recent attacks that exploit a bug in Adobe Reader are the work of the group that hacked Google and dozens of other major corporations late last year.
On one side, Mountain View, Calif.-based antivirus giant Symantec, whose security analysts said they've found evidence suggesting that the group which wormed its way into Google's corporate network in December 2009 is back in business.
On the other, Atlanta's much smaller SecureWorks, where researcher Don Jackson said that Symantec had "comingled" evidence of two separate attacks.
At issue were recent PDF-based exploits attached to messages touting renowned golf swing coach David Leadbetter that have exploited an unpatched bug in Adobe's popular Reader PDF viewer.
Security experts have called that exploit "scary" and "clever" for the way it sidesteps critical Windows defenses designed to isolate malicious code and make it harder to execute malware.
Those attacks went public last week, when independent security researcher Mila Parkour reported the flaw to Adobe, then published her preliminary findings. Adobe issued a security warning a day later, and on Monday announced it would patch the problem early next month.
Symantec, which has found signs of attack e-mails going back to at least Sept. 1, fired the first shots early Monday when company researcher Karthik Selvaraj said that the wording of the Leadbetter e-mails was "very similar" to the phrasing used in the attacks against Google and others in January 2010. Those attacks were dubbed "Operation Aurora" by a McAfee researcher.
Google traced the Aurora attacks to Chinese hackers, prompting it to threaten shutting down its China operations. This summer, Google compromised with China's authorities over censorship issues, and remains part of the China search scene.
At the time, Google characterized the attacks as "highly sophisticated and targeted," and said at least another 20 major companies were also subjected to the same kind of assaults.
"We looked at how they're distributing and propagating the [newest] attacks," said Joe Chen, the director of engineering in Symantec's security response group today in an interview, talking about why his company believes the two attacks are the likely work of the same group.
Selvaraj provided more similarities. "In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," said Selvaraj.
"Hydraq" is the name Symantec assigned in January to the Trojan horse deposited on PCs compromised by the Aurora attacks.
"They're using the same techniques as Hyrdraq, leading us to believe that either it's two groups sharing knowledge or one group responsible for both," added Chen.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts