
Attack code used to hack Google now public

pokerfan Donating Member (1000+ posts) Sat Jan-16-10 01:41 AM
Original message
Attack code used to hack Google now public
The dangerous Internet Explorer attack code used in last month's attack on Google's corporate networks is now public.

The code was submitted for analysis Thursday on the Wepawet malware analysis Web site, making it publicly available. By Friday, it had been included in at least one publicly available hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee.

http://www.infoworld.com/d/security-central/attack-code-used-hack-google-now-public-224

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:44 AM
Response to Original message
1. ... Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated
hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack originated from China, the company said.

The attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity, according to Alperovitch.

“The encryption was highly successful in obfuscating the attack and avoiding common detection methods,” he said. “We haven’t seen encryption at this level. It was highly sophisticated” ...

http://www.wired.com/threatlevel/2010/01/operation-aurora/

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:45 AM
Response to Original message
2. A hack attack that targeted Google in December also hit 33 other companies, including financial
institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said.

A spokeswoman for iDefense wouldn’t name any of the other companies that were targeted in the recent attack, except Adobe ...

http://www.wired.com/threatlevel/2010/01/google-hack-attack/

Earth Bound Misfit Donating Member (1000+ posts) Sat Jan-16-10 06:33 AM
Response to Reply #2
10. WOW. I posted something re: the Adobe Zero day exploit a month ago...
Edited on Sat Jan-16-10 06:34 AM by Earth Bound Misfit
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x29026

I KNEW then that we'd hear something BIG come as a result of it, but this is GYNORMOUS!

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 07:01 AM
Response to Reply #10
11. Thanks

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 07:19 AM
Response to Reply #10
12. Update your Adobe software Now
Use Adobe Reader or Acrobat? Then you need to update your programs Now.
http://www.itworld.com/security/92714/update-your-adobe-software-now

Earth Bound Misfit Donating Member (1000+ posts) Sat Jan-16-10 07:55 AM
Response to Reply #12
13. I dumped Adobe Reader, Acrobat & Adobe Air about 4-5 months ago and
Edited on Sat Jan-16-10 08:07 AM by Earth Bound Misfit
Use Foxit now.

Adobe had A HALF DOZEN patches with 56 VULNERABILITIES in Acrobat 9 LAST YEAR ALONE...

http://secunia.com/advisories/product/19237/?task=advisories_2009

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 08:04 AM
Response to Reply #13
14. Thanks. I hadn't been fully aware of the problems -- or the number of alternatives

Earth Bound Misfit Donating Member (1000+ posts) Sat Jan-16-10 08:23 AM
Response to Reply #14
15. You're welcome.
This is probably where all those "Google Redirect" & "Rogue" Malware Pop-ups we've been seeing lately are coming from, IMHO. I had 2 infect my machine in the space of 2 months...July 09 I had "Windows PolicePro" and about a month later another one whose moniker escapes me right now. The PolicePro was loaded when I opened a link to a newspaper story in a West Coast city (Seattle??) on a subject I was tracking with Google Alerts, and I'm 95% sure it was a pdf file. I still had Adobe at that time. Avira detected it IMMEDIATELY, quarantined it & MBAM & SASW took care of the rest in Safe Mode.




pokerfan Donating Member (1000+ posts) Sat Jan-16-10 03:47 PM
Response to Reply #14
17. Foxit is fast
and Evince on Linux is about equally fast for me.

It makes one wonder what exactly Adobe is doing with all those machine cycles not to mention hogging all that memory.

pokerfan Donating Member (1000+ posts) Sat Jan-16-10 01:13 PM
Response to Reply #13
16. I dumped Adobe about two years ago for FoxitReader
Then about a year ago I dumped Windows for Linux.

I'm convinced that open source will have fewer vulnerabilities in the long run simply because it has so many eyes looking at the code. And when holes are found, they are either patched quickly without stonewalling or the users will just move on to something else. There's no profit motive to protect. In either case, it's all out in the 'open.'

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:47 AM
Response to Original message
3. ... a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically
linked these to last July's attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.

As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.

"Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," says iDefense ...

http://www.networkworld.com/news/2010/011410-google-hack-hit-33-other.html

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 05:26 AM
Response to Reply #3
9. ... Computerworld reports that Adobe has confirmed that it was subject to attacks around the same
time as Google, while other researchers are suggesting that the vulnerabilities exploited by the hackers may have involved using carefully-constructed PDF files. While the reality is likely to be more complex, the incident serves as a reminder that PDF files are a prime source of security problems ...

http://www.lifehacker.com.au/2010/01/google-hacks-reinforce-security-issues-with-pdf/

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:48 AM
Response to Original message
4. ... An unknown exploit in Internet Explorer was utilised by the hackers to gain control of target
systems. The exploit affects all versions of Internet Explorer since IE 6 and can be exploited on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2. You can see the exploit in action over here. Microsoft has published a security advisory and is working on a patch. In the meantime, it is recommended that you do not use Internet Explorer ... Vulnerabilities in Adobe’s Reader and Acrobat were also among the weaknesses utilised ...

http://techie-buzz.com/tech-news/google-hack-attack-operation-aurora.html

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:50 AM
Response to Original message
5. ... Adobe also admitted yesterday that it had been targeted by attackers. "Adobe became aware on
2 January, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies," the company said in a statement posted on its company blog. "At this time, we have no evidence to indicate that any sensitive information -- including customer, financial, employee or any other sensitive data -- has been compromised."

Security researchers hinted earlier that the attacks against Google, Adobe and dozens of other major firms were conducted using malicious PDFs that exploited one or more vulnerabilities in Adobe Reader. Analysts at Verisign's iDefense security group told Robert McMillan of IDGNews today that hackers had launched targeted attacks using a malicious document attached to email messages.

While iDefense did not identify rogue PDFs as the malformed documents, its researchers claimed that the attachments exploited a "zero-day" -- a vulnerability that had not yet been patched -- in "one of the major document types," a definition that certainly fits Adobe's PDF format.

Only yesterday did Adobe patch a zero-day in Reader. The bug had been publicly known since mid-December, and used surreptitiously by hackers for at least several weeks before that ...

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=18308

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:51 AM
Response to Original message
6. A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies
raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.

In a statement released late Tuesday night, Clinton said that the U.S. government is taking the attack -- which Google said came from China -- very seriously. "We have been briefed by Google on these allegations, which raise very serious concerns and questions," she said. "We look to the Chinese government for an explanation" ...

http://www.pcworld.com/article/186783/google_hack_raises_serious_concerns_us_says.html

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 04:52 AM
Response to Original message
7. Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's
systems that originated in China.

The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines.

Following the attack, Google threatened to end its operations in China ...

http://news.bbc.co.uk/2/hi/technology/8460819.stm

struggle4progress Donating Member (1000+ posts) Sat Jan-16-10 05:09 AM
Response to Original message
8. Better user education could have played a role in stopping the apparent Chinese cyberattack on
American businesses. Once targeted employees clicked on a link in an e-mail or instant message, however, most current security technology was defenseless ...

The attack began when targeted employees received an e-mail or instant message that, when clicked, delivered malware to the user's machine. Had the users not clicked the links, the attack would have been stopped.

The basic advice: If you are not 100 percent sure, don't click, seems to apply ...

http://www.pcworld.com/businesscenter/article/186998/how_to_protect_ourselves_from_chinese_cyberwarriors.html