Some great whitepapers on the Aurora attacks

While the Aurora attacks were a good user-awareness opportunity, they have turned into a lot of hype and three-letter acronyms about something that has been happening for a longer period of time.

A few whitepapers have appeared that give us some juicy details about the dropper, backdoor and domain names used in the attacks, as well as the information the attackers were after. Although they end with some vendor pitches, some are an interesting read.

1. The first one is a report from HBGary which you can download here. It contains some good technical information about the dropper and malware used.

2. Then there is this McAfee whitepaper, which has a lot more marketing fluff and is more suited for CISA/Auditors (personal information will be asked for when downloading, but it is not verified). It has a few good points but fewer technical details. It's mainly about the SCM they targeted.

Specifically, we have concluded that, in several cases, the attackers executed precision strikes to gain access to source code configuration management systems (SCMs) at targeted companies. SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company.

In our analysis of the attacks we found that the perpetrators went through several hoops to ultimately compromise the systems of the SCM users at the targeted organizations. This means that the attackers now had access to the SCM system and could siphon out source code or, worse, modify and add code. (Source: McAfee)

Link to whitepaper.

It might also be worth mentioning that there is a LinkedIn group where articles and information about Aurora are being shared.

*** This is a Security Bloggers Network syndicated blog from Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills authored by Security4all. Read the original post at: