YESTERDAY we mentioned Google's reaction to attacks from China, which are now confirmed to have targeted a number of different companies. The attacks were not aimed at Google in particular, as Google is one among several victims, and some people doubt there will be an exit from the largest Internet market.
Hacking Risks Persist Even If Companies Withdraw From China
Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.
More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.
[...]
While July's attacks were detected early and were largely uneventful, December's attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman's terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims' technology infrastructure has been compromised since July.
As the name suggests, the carefully crafted assaults differ from the net-cast-wide malware most often seen. A targeted attack specifically selects its victim and generally sends an e-mail using that person's name and perhaps business title. The body of the message might reference an attached list of business contacts, or describe it as an invoice, or use any other hook that would allay suspicion and convince the victim to double-click the attachment.
The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.
Surfers visiting the Baidu site on Monday night were confronted by the message "This site has been hacked by Iranian Cyber Army", together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu's DNS records rather than a direct attack on the site itself, but this remains unconfirmed.
Comments
Yuhong Bao
2010-01-15 01:50:57
Roy Schestowitz
2010-01-15 02:29:34
Yuhong Bao
2010-01-15 16:54:44
your_friend
2010-01-15 04:38:20
Windows needs to be taken off the web before it ruins the web for everyone.
Yuhong Bao
2010-01-15 16:53:06
Yuhong Bao
2010-01-15 17:32:17
Yuhong Bao
2010-01-15 17:57:12
Roy Schestowitz
2010-01-17 00:00:43
Adobe Flaw Wasn't Part of Attack on Google
http://www.pcworld.com/article/187043/adobe_flaw_wasnt_part_of_attack_on_google.html?tk=rss_newsNotZed
2010-01-15 11:51:20
(TBH, I don't have much sympathy with anyone using Microsoft Windows and being taken advantage of - in an informed world they have some responsibility for their dumb decisions too.)
Needs Sunlight
2010-01-15 14:22:26
Microsofters were complaining that university-educated engineers and technical staff, "someone on team fresh out of college", knew better than to run Microsoft products. See slide 2: http://groklaw.net/staticpages/index.php?page=ComesExhN04#E9346
Roy Schestowitz
2010-01-15 15:24:37
Yuhong Bao
2010-01-15 17:59:12
Roy Schestowitz
2010-01-15 19:13:26