Investigators To Soon Find Malware Creators of ‘Aurora’ Attacks
Security specialists have been conducting forensic investigations and cleanup operations on computers at the companies that fell victim to attacks believed to have originated from China. According to the specialists, they may soon identify the creator(s) of the malicious software used to penetrate Google and others, DarkReading reported on February 10, 2010.
Remarking on the attack's maliciousness and ferocity, Greg Hoglund, founder and CEO of HBGary, stated that the assault, named Operation Aurora, was bigger than what had been recognized at the thirty affected organizations. According to Hoglund, the assault was still going on, DarkReading reported.
Hoglund's remark comes after a report regarding 'Operation Aurora' was published recently. The report sums up the current state of the investigation.
A report from HBGary states that a common aspect of all these assaults against the various organizations is the way they were executed: an Internet Explorer vulnerability was abused to inject malware that installed a backdoor Trojan onto the attacked computers and networks.
Further, it is highly possible that this malicious software was created using the Chinese language. Moreover, the control mechanism appears to be intended for Chinese computer operators. Both therefore indicate that it is a Chinese operation. However, there is no definite evidence suggesting the Chinese government's involvement, the report says.
In fact, the world has a booming underground economy, which has leaped ahead with the use of malware and the execution of data theft. At the same time, there is a subculture of significant money-oriented hacking in China. Considering these facts, it is probable that the 'Aurora' attacks had money as the ultimate objective. In Google's case, with the attackers hijacking the Gmail accounts of Chinese dissidents, it is likely that the hackers managed to divert the investigators' attention from the actual criminals.
Alongside HBGary, Kevin Mandia, CEO of the forensics company Mandiant, also states that investigators at his company may soon find the people responsible for Operation Aurora's malware. According to Mandia, his company thinks it knows some of the malware's creators, as it can make out their trademarks, even their specific owners, DarkReading reported.
» SPAMfighter News - 18-02-2010