Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Elite hacker gang has unlimited supply of zero-day bugs

Gregg Keizer | Sept. 10, 2012
An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicized, much less patched, Symantec said today.

While there's little chance an average computer user will fall victim to the targeted attacks launched by Elderwood -- generally conducted using emails aimed at specific individuals -- the gang also uses the "watering hole" strategy to infect PCs.

In a watering hole campaign, hackers identify likely targets, even to the individual level, then scout out which websites they frequently visit. Next the attackers compromise one or more of those sites, plant malware on them, and like a lion waits at a watering hole for victims, wait for unwary users to surf there.

In those cases, the general public can be, as Cox put it, "collateral damage."

Symantec's analysis of the Elderwood Project can be downloaded from its website ( download PDF).

Some of the attacks by the 'Elderwood' hacker gang have been conducted at so-called 'watering holes.'

 

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.