Google Aurora Hackers Back in Business
According to the security firm Symantec, the Chinese hackers who targeted Google in the campaign known as "Operation Aurora" are back in action. That campaign caused a major dispute between Google and the Chinese government.
New signs have appeared of the same hackers who compromised Google's source code and endangered Chinese human rights activists, this time using an Adobe zero-day flaw in PDF files known as the Adobe Reader 'CoolType.dll' TTF Font Remote Code Execution Vulnerability.
In this attack, any user who downloads the malicious PDF file ends up with a downloader DLL in their Temp folder, which then downloads further malware. The attack therefore avoids the need to run an executable file directly, which makes it more dangerous: most people are wary of .exe files, but not of .pdf files.
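As an added example (not from the article or from Symantec), here is a small detection heuristic for the behaviour just described: given constructed Sysmon-style file-create and image-load events, it flags a DLL written into a Temp folder by a PDF reader process and raises the severity when that same process then loads the DLL. The reader executable names, the log format and the sample events are assumptions made for the example.

```python
import re

# Constructed sample telemetry (not real data): timestamp|event|pid|process image|target path
SAMPLE_EVENTS = r"""
2010-09-13T10:01:02|FileCreate|1234|C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe|C:\Users\alice\AppData\Local\Temp\A9R1.tmp
2010-09-13T10:01:03|FileCreate|1234|C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe|C:\Users\alice\AppData\Local\Temp\update.dll
2010-09-13T10:01:04|ImageLoad|1234|C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe|C:\Users\alice\AppData\Local\Temp\update.dll
2010-09-13T10:05:00|FileCreate|5678|C:\Windows\explorer.exe|C:\Users\alice\Downloads\report.pdf
2010-09-13T10:06:00|FileCreate|4321|C:\Program Files\Microsoft Office\WINWORD.EXE|C:\Users\alice\AppData\Local\Temp\~WRD0001.tmp
2010-09-13T10:07:00|FileCreate|9999|C:\Program Files\Foxit Software\Foxit Reader\FoxitReader.exe|C:\Users\bob\AppData\Local\Temp\helper.dll
"""

# Assumed set of PDF reader binaries worth watching; extend for your environment.
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}
# Matches a "\Temp\" or "\tmp\" path component anywhere in the target path.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_events(text):
    """Parse the pipe-separated sample format into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, event, pid, image, target = line.split("|", 4)
        events.append({"ts": ts, "event": event, "pid": int(pid),
                       "image": image, "target": target})
    return events


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_dropped_dlls(events):
    """Flag DLLs that a PDF reader writes into a Temp folder.
    Severity is 'medium' for the write alone and 'high' when the same process
    later loads that DLL, i.e. the drop-then-run pattern of a downloader DLL."""
    findings = {}
    for ev in events:
        if basename(ev["image"]) not in PDF_READERS:
            continue
        target = ev["target"]
        if not TEMP_DIR.search(target) or not target.lower().endswith(".dll"):
            continue
        key = (ev["pid"], target.lower())
        if ev["event"] == "FileCreate":
            findings[key] = {"pid": ev["pid"], "dll": target,
                             "written": ev["ts"], "severity": "medium"}
        elif ev["event"] == "ImageLoad" and key in findings:
            findings[key].update(loaded=ev["ts"], severity="high")
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_dropped_dlls(parse_events(SAMPLE_EVENTS)):
        print(finding)
```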
Commenting on the issue, Symantec researcher Karthik Selvaraj said that the evidence from the new series of targeted attacks shared many of the same fingerprints as the Aurora attacks of late 2009, as reported by Threat Post on September 13, 2010. According to Symantec, the two attacks are of the same origin.
The security firm found that the recent attacks used specially crafted e-mail messages carrying a malicious PDF file attachment. Selvaraj stated that the text of the e-mail messages was quite similar to that of the messages linked with the Aurora attacks.
Furthermore, the PDFs used in the attack were unlike the other samples exploiting the zero-day flaw that had been seen in the wild, and all traced back to a single system in Shandong Province, China.
Listing further similarities, Selvaraj said that the use of a zero-day inside a PDF and the way the executable was dropped on the computer both matched Hydraq's method of operation, as reported by ComputerWorld on September 14, 2010. In January, Symantec had assigned the name "Hydraq" to the Trojan horse dropped on systems compromised by the Aurora attacks.
Though these similarities could be coincidental, Selvaraj said it appears that the attacks came from the same perpetrators, as reported by The New Internet on September 14, 2010.
SPAMfighter News - 27-09-2010