Google was able to determine, by examining the server, that the hackers had struck numerous other companies, she said. Google said in its Tuesday announcement that 20 other companies had been hacked. But iDefense found evidence that at least 33 were targeted. The recent attacks bear a strong resemblance to another attack that occurred in July , which targeted about IT companies, iDefense says.
In that earlier attack, the hackers also sent targeted e-mail to companies with a malicious PDF attachment, but it's unclear how successful that attack was.
According to Ryan Olson, an analyst for iDefense, the attacks in July and December targeted different vulnerabilities. The vulnerability the hackers are believed to have used in December also affected Reader and Acrobat. Olson told Threat Level that the attackers are "incredibly good" at finding new exploits and infecting the right people but that nothing he'd seen in the malware indicated they were above average in writing malicious code.
The iDefense spokeswoman told Threat Level that her company waited a week to disclose details about the attack until after Google went public with the news that it had been hacked. She said it's her understanding that Google's source code was targeted in the hack attack. Adobe's announcement didn't discuss specifically whether hackers had stolen its source code but said that it had "no evidence to indicate that any sensitive information -- including customer, financial, employee or any other sensitive data -- has been compromised" in the attack.
This post was updated with information from Olson about the malware used in the attack and to add comment from Linode. It also was updated to clarify that the Hydraq trojan and PDF exploit were used to breach some of the companies, but not all of them. Kim Zetter is an award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security.
She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran's nuclear program. Senior Writer, Wired Twitter. Topics Adobe China cybersecurity Gmail google hacks. Microsoft also recently reported that PDF exploits remain a potent part of hackers' arsenals. In its newest Security Intelligence Report , Microsoft said that nearly half of all browser-based exploits in the second half of targeted Adobe's Reader.
McAfee rival Symantec Corp. And two of 's top five exploited vulnerabilities were in Adobe Reader. Adobe declined to comment specifically about McAfee's and Microsoft's statistics on Reader vulnerabilities. Instead, a spokeswoman forwarded a statement the company has used before. The company's latest security move attempts to address the update issue; on April 13, Adobe activated a service that silently updates customers' copies of Reader and Acrobat. Adobe may be working on other ways to beef up Reader and Acrobat.
According to one security researcher, Adobe will add sandboxing defenses to its PDF software this year. Sandboxing, perhaps best known as a technique used by Google 's Chrome browser, isolates processes from each other and the rest of the machine, preventing or hindering malicious code from escaping an application to wreak havoc or infect the computer.
Adobe has acknowledged it will add sandboxing to Flash -- another of its products that is frequently targeted by exploits -- and has that at the top of its to-do list, according to Paul Betlem, senior director of Flash Player engineering.
Reader may or may not get sandboxing as well. When asked about the reports that Reader 10 would include sandboxing defenses, a company spokeswoman said Adobe had not announced plans but was "investigating how to get different features to work in a sandbox.
McAfee's Dirro said adding sandboxing to Adobe Reader would be a smart move. Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. His e-mail address is gkeizer ix.
Here are the latest Insider stories.
0コメント