Tuesday, January 31, 2012

Researchers unearth more Chinese links to defense contractor attacks

Researchers with Symantec have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.

The attacks use malicious PDF documents that exploit an Adobe Reader bug patched last month to infect Windows PCs with "Sykipot," a general-purpose backdoor Trojan horse.

According to findings published Thursday by Symantec's research team, a "staging server" used by the attackers is based in the Beijing area, and is hosted by one of the country's largest Internet service providers, or ISPs.

Symantec did not identify the ISP.

The staging server stores new files, many of them malformed PDFs, that are used to infect machines. Symantec found more than 100 malicious files on the server; many had been used in Sykipot campaigns.

Researchers also said that one of the attackers who connected to the staging server did so from Zhejiang province on China's eastern coast. Hangzhou is that province's capital and largest city.