McAfee Committed Mistake Linking Malware to ‘Operation Aurora’

According to the internet security firm McAfee, some malware that were classified as part of Google attacks had no connection with targeted attacks to throw out Google from China. In fact, the attacks spread separate infection.

On March 30, 2010, McAfee disclosed that the Company's initial reports on Google attacks, which were branded as 'Operation Aurora,' had wrongly linked several corrupt files to the attacks. However, those files had no connection with Aurora at all.

Security researchers revealed that Aurora was a sophisticated spying operation designed to steal intellectual property from major operations. The operation Aurora was associated with attacks on Intel, Google, Adobe, Symantec and other companies.

The files, which had been wrongly connected with Operation Aurora in the initial research of McAfee, were actually linked to an active botnet network. This botnet was designed to attack computers of Vietnamese activists.

Dmitrie Alperovitch, Vice President of Threat Research, McAfee, said that while investigating the operation, the company was in the fog of war probing the operation, as reported by Dark Reading on March 31, 2010. McAfee was involved in the aftermath investigation and cleaning up computers of several dozens companies hit by the Aurora attacks.

Alperovitch further added that the company was dealing with a large number of machines and its prime objective was to identify infections. The company believed that the identification of infection would enable it to publish plethora of information about the infected machines. But when the company did more investigation, it found that the infection was a part of completely different attacks.

Although Aurora's main function was to steal intellectual property from its victims, other malware attacks were not as sophisticated and concerned with setting up of botnet that could be used for waging distributed of denial service (DDoS) attacks.

In addition, the security researchers at McAfee said that the confusion regarding linking other malware attacks with Aurora victims' machines did not derail its forensic investigation. McAfee didn't go to public with the mistake it committed until now because it lacked enough facts. The company asked apology with other researchers working on the project by making them all clear about the facts.

Related article: McAfee Alerts Windows about Accessibility Hole in Vista

» SPAMfighter News - 4/10/2010