Researchers unearth more Chinese links to defense contractor attacks

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9223765/Researchers_unearth_more_Chinese_links_to_defense_contractor_attacks

By Gregg Keizer
Computerworld
January 27, 2012

Researchers with Symantec have uncovered additional clues that point to 
Chinese hacker involvement in attacks against a large number of Western 
companies, including major U.S. defense contractors.

The attacks use malicious PDF documents that exploit an Adobe Reader bug 
patched last month to infect Windows PCs with "Sykipot," a 
general-purpose backdoor Trojan horse.

According to findings published Thursday by Symantec's research team, a 
"staging server" used by the attackers is based in the Beijing area, and 
is hosted by one of the country's largest Internet service providers, or 
ISPs.

Symantec did not identify the ISP.

The staging server stores new files, many of them malformed PDFs, that 
are used to infected machines. Symantec found more than 100 malicious 
files on the server; many had been used in Sykipot campaigns.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn