Unpatched Adobe holes link Google and earlier attacks

Unpatched Adobe holes link Google and earlier attacks

Summary: A security expert says targeted attacks on Google and more than 30 other US companies late last year bear striking similarities to targeted attacks on 100 US companies last summer.

SHARE:
TOPICS: China, Google, Security
8
Targeted attacks on Google and more than 30 other US companies late last year bear striking similarities to targeted attacks on 100 US companies last summer, a security researcher familiar with the attacks said on Tuesday.

Last July, workers at about 100 US technology companies were targeted with emails containing malicious PDF files that exploited a zero-day vulnerability in Adobe Reader. The attacks were detected early and there were no serious consequences, said Eli Jellenc, head of international cyber intelligence at Verisign iDefense.

In mid-December, Google, Adobe, and a host of other Silicon Valley companies were targeted by attacks originating in China, prompting Google to say that it will stop censoring its Chinese search results and to threaten to pull out of that market. The latest attacks also involved malicious PDF files in email attachments and the code was similar to the previous attack, Jellenc said.

Coincidentally, Adobe on Tuesday patched a zero-day vulnerability in Reader and Acrobat that was discovered in mid-December and was being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers. Jellenc said he could not say for sure whether that was the vulnerability targeted in the attacks on Google and the others.

For more, read "Unpatched Adobe holes link Google and earlier attacks" from CNET News.

Topics: China, Google, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • M$ is part of this attack

    Those adobe holes were windoze only, and M$ should take responsability for its poor design and Google's damaged reputation.
    Linux Geek
    • M$ is NOT part of the attack.

      They merely provide the tech necessary to make these attacks possible, that's all.
      The Mentalist
      • M$ was accessory to the crime

        if not the criminal given its interest to subminate Google and Adobe.
        Linux Geek
    • Not even remotely true

      You're an idiot.. Microsoft didn't create Reader. How can you even link the two?
      Hiveon
  • moved

    .
    The Mentalist
  • Adobe targeted too?

    Seems Adobe was targeted too. By a zero day PDF flaw. Irony.

    What would they want at Adobe? Source code for Acrobat Reader? Wonder if they managed to get it. With the source code they'd be able to look for more zero day exploit possibilities. That would be a gold mine for them.
    notlob
  • delete

    delete
    Hiveon
  • RE: Unpatched Adobe holes link Google and earlier attacks

    Wouldn't there be obvious signs that the emails are spam? Why would they even open them. I mean, i get dozens of emails a week with attachments and whatnot and I don't touch the stuff. If it's really that big of an issue, these companies should keep emails on a closed network so these hackers can't gain access to whatever they're after.
    Hiveon