NEWS FROM THE LAB - Wednesday, January 13, 2010

Targeted Attacks Against Google
Posted by Mikko @ 10:06 GMT

[Image: To the memory of Google.cn, image from i.imgur.com/5xJmy.jpg]

Over the last few years, we've worked with dozens of companies who have been hit with targeted attacks, i.e. espionage trojans. Not a single one of these companies went public with the information.

Amazingly, Google has now done just that. They've announced they were hit with a targeted trojan. The aim of the attack was to gain access to Gmail accounts of Chinese human rights activists. Google also goes on to directly blame the Chinese Government for the attack, and announce that as a result, they plan to stop censoring google.cn search results. Wow.

We believe the attack was launched via a convincing e-mail with an exploit-ridden PDF attachment. Updated to add: We were wrong, the attack was done with an IE 0-day attack instead.

Adobe yesterday released security updates for Adobe Reader, closing several vulnerabilities.

Amazingly, at the same time Adobe has also announced that they were hit by a targeted attack. Maybe somebody was trying to gain access to their development systems in order to find new vulnerabilities for future attacks?


We have warned about attacks like this several times.

To get a better idea of how these attacks work, here's a YouTube video we have created about Targeted Attacks:


And here's another video that shows a screen capture of what it actually looks like when you open a booby-trapped PDF file.

And here are selected blog posts on the topic:

  •  Case Ghostnet
  •  Behind Ghostnet
  •  Several examples of what the attack documents have looked like
  •  The mystery of Sergeant "nbsstt"
  •  How we found the PDF generator used in some of these attacks