

Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Google - jpdus
http://www.wired.com/threatlevel/2012/09/google-hacker-gang-returns/all/

======
vectorbunny
A pdf of the Symantec report 'The Elderwood Project' can be downloaded from
<http://bit.ly/Q07MpB>

(not a Symantec employee, just following the links)

~~~
sp332
Unshortened:
[http://www.symantec.com/content/en/us/enterprise/media/secur...](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf)

edit: That's a lot of bitly links to "Symantec Connect Community"
<https://bitly.com/u/threatintel.rss>

------
wrekkuh
Leveraging the 'watering hole' technique to penetrate into one network in
order to gain entry into another more compelling system (the actual target)
is clever but nothing new. The recon work represented by Symantec's technical
report, however, is fascinating to me. It's a great summary of the attacker's
methods: reusing code, quality of code used, and statements (albeit brief)
about comparing the techniques used in what would normally seem unrelated
attacks.

I also found it no surprise that 0days in this case were routinely wrapped in
shockwave to deliver payloads for guaranteed execution.

AV companies may be snake oil salesmen, but I hope they at least fund research
like this a bit more aggressively.

~~~
TheCapn
R&D in the likes of this is virtually a sunk cost to the company. In order for
researchers to conduct work like this they typically need two things:

1) A bountiful supply of cash
2) A reputation

#1 pays the bills, #2 gets them in the door. Symantec and others make their #1
with the snake oil such that they can afford to lose a bit of #1 in order to
gain #2. With enough #2 they can hire big names, work with large companies and
suddenly you have a pretty strong group that's capable of writing articles
like this.

In all hopes we'll see this type of malware understanding get pushed through
to the actual detection schemes. Instead of reactionary scanning and detection
of files we can start to look towards behavioral scanning. False positives are
probably the worst part of this for the consumer, since they just want their
snake oil without side effects.

------
tytso
...and if this doesn't scare you away from using Windows (or allowing Windows
to be used anywhere within your company), I'm not sure what will...

~~~
ZoFreX
This is a very short-sighted response in my opinion. They've been finding
zero-days in a wide variety of software, so if you are a target, not running
Windows isn't going to help you much.

I don't think any part of this is scary because, let's be honest, none of us
are likely at all to ever be the target of such a sophisticated attack.

