Targeted attacks on Google and more than 30 other US companies late last year bear striking similarities to targeted attacks on 100 US companies last summer, a security researcher familiar with the attacks said on Tuesday.
Last July, workers at about 100 US technology companies were targeted with emails containing malicious PDF files that exploited a zero-day vulnerability in Adobe Reader. The attacks were detected early and there were no serious consequences, said Eli Jellenc, head of international cyber intelligence at Verisign iDefense.
In mid-December, Google, Adobe, and a host of other Silicon Valley companies were targeted by attacks originating in China, prompting Google to say that it will stop censoring its Chinese search results and to threaten to pull out of that market. The latest attacks also involved malicious PDF files in email attachments and the code was similar to the previous attack, Jellenc said.
Coincidentally, Adobe on Tuesday patched a zero-day vulnerability in Reader and Acrobat that was discovered in mid-December and was being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers. Jellenc said he could not say for sure whether that was the vulnerability targeted in the attacks on Google and the others.
For more, read "Unpatched Adobe holes link Google and earlier attacks" from CNET News.