The infamous Aurora attack was just one of many launched by the same group of malware authors over the past three years, according to researchers at Symantec. The company has issued a report outlining the techniques used by the so-called "Elderwood" attack platform and the group behind it, which appears to have a seemingly unlimited supply of zero-day vulnerabilities.
"They are definitely shifting their methodology, and there are open questions about why that is," said Eric Chien, senior technical director for Symantec's security response group. "They may be finding that older techniques are no longer working." The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities.
"The number of zero-day exploits used indicates access to a high level of technical capability." The researchers said that the group appears to favour "watering hole" attacks, a technique in which the attacker profiles a targeted group and plants attack code on sites that the targets are likely to visit, so that the victims come to the exploit rather than the exploit being sent to them.
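The watering-hole pattern described above, as an added example (this is not code from Symantec's report or from the article): a Python script that runs over constructed web-proxy log lines and flags clients who, while on a site the targeted group frequents, loaded a Flash or XML object from a different host, which is the injected-object footprint a compromised watering-hole site leaves behind. The domains, addresses, log format and the list of "watched" sites are all assumptions made for the demo.

```python
"""Added example, not part of the Symantec report: spot a watering-hole pattern
in proxy logs.  A watering hole plants exploit content (here a Flash or XML
object, the file types behind several of the CVEs the article lists) on a site
the targets already visit.  The tell is several clients from the targeted group
loading an active object from a *third* host while the referer is the trusted
site.  All hosts, IPs and log lines below are constructed for the demo."""
from collections import defaultdict
from urllib.parse import urlparse

# Sites the targeted group is known to frequent (assumed for the demo).
WATCHED_SITES = {"industry-news.example", "trade-assoc.example"}

# Content types an attacker would embed to reach the Flash / XML parsers.
ACTIVE_TYPES = {"application/x-shockwave-flash", "text/xml", "application/xml"}
ACTIVE_EXTS = (".swf", ".xml")

# Constructed proxy log: timestamp client method url referer content-type
SAMPLE_LOG = """\
2012-09-07T09:01:10 10.1.1.20 GET http://industry-news.example/ - text/html
2012-09-07T09:01:11 10.1.1.20 GET http://industry-news.example/logo.swf http://industry-news.example/ application/x-shockwave-flash
2012-09-07T09:01:12 10.1.1.20 GET http://cdn-stat.example/x/p.swf http://industry-news.example/ application/x-shockwave-flash
2012-09-07T09:03:40 10.1.1.31 GET http://industry-news.example/ - text/html
2012-09-07T09:03:41 10.1.1.31 GET http://cdn-stat.example/x/p.swf http://industry-news.example/ application/x-shockwave-flash
2012-09-07T09:05:02 10.1.1.45 GET http://trade-assoc.example/news.html - text/html
2012-09-07T09:05:03 10.1.1.45 GET http://cdn-stat.example/x/load.xml http://trade-assoc.example/news.html text/xml
2012-09-07T09:10:00 10.1.1.50 GET http://ads.example/banner.swf http://blog.example/ application/x-shockwave-flash
"""


def parse_line(line):
    """Split one space-separated log line into its fields; '-' means no referer."""
    ts, client, method, url, referer, ctype = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "referer": None if referer == "-" else referer, "ctype": ctype}


def is_active_content(entry):
    """True if the response is a Flash or XML object (by type or by extension)."""
    path = urlparse(entry["url"]).path.lower()
    return entry["ctype"] in ACTIVE_TYPES or path.endswith(ACTIVE_EXTS)


def flag_watering_hole(log_text):
    """Return {(referer_host, payload_host): set(clients)} for every active
    object fetched from a foreign host while the referer is a watched site.
    Same-host objects (the site's own Flash) are not flagged."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if not e["referer"] or not is_active_content(e):
            continue
        ref_host = urlparse(e["referer"]).hostname
        obj_host = urlparse(e["url"]).hostname
        if ref_host in WATCHED_SITES and obj_host != ref_host:
            hits[(ref_host, obj_host)].add(e["client"])
    return dict(hits)


def suspicious_hosts(log_text, min_clients=2):
    """Payload hosts seen by at least min_clients distinct clients.  Several
    members of the targeted group pulling the same foreign object from the
    same trusted page is the watering-hole signature worth escalating."""
    per_host = defaultdict(set)
    for (_, obj_host), clients in flag_watering_hole(log_text).items():
        per_host[obj_host] |= clients
    return sorted(h for h, c in per_host.items() if len(c) >= min_clients)


if __name__ == "__main__":
    for key, clients in flag_watering_hole(SAMPLE_LOG).items():
        print("referer=%s payload_host=%s clients=%s" % (key[0], key[1], sorted(clients)))
    print("escalate:", suspicious_hosts(SAMPLE_LOG))
```

The threshold on distinct clients is what separates a watering hole from an ordinary third-party embed: one user pulling a stray object is noise, but a cluster of users from the same targeted group fetching the same object from the same trusted page is the signal. In a real deployment the watched-site list would come from the organisation's own knowledge of which sites its staff frequent, and the foreign-host check would be extended to iframes and scripts, not only Flash and XML.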
Here are just some of the most recent exploits that they have used:

• Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)

• Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)

• Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)

• Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535)

Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post in which Google said the attack originated in China.