An attack on Google and at least 20 other companies, that originated from China, seems to have exploited a vulnerability in the popular Adobe Acrobat and Adobe Reader software, possibly to steal proprietary codes.
Also on Wednesday, Adobe Systems
The attackers may have been trying to exploit security vulnerabilities in Adobe Acrobat and Adobe Reader, which is widely used to create and read documents.
Cyber security firm iDefense released a note on Wednesday about Adobe Acrobat and Adobe Reader's vulnerabilities.
The vulnerability in Adobe's two products could allow an attacker to inject a code into the computer once a PDF file was opened, iDefense said in a coordinated public disclosure statement. It did not specifically refer to the Google attacks.
Adobe, which released a critical patch for this problem on Tuesday, was not immediately available for comment.
Anti-virus software maker McAfee said in its 2010 Threat Predictions report last month that Adobe software would become increasing targeted by cyber criminals, as its products are the most widely used applications globally.
Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked, McAfee said in a statement.
Technology-focused website Wired.com quoted iDefense as saying the attack on Google and other corporations intended to steal the companies' source codes.
Journalists, dissidents and other activists in China have often been the target of phishing attacks, in which an email that appears to be from a known sender contains an attachment with a virus or other malicious software.
In September, a coordinated cyberattack on the Chinese assistants of foreign news agencies contained malware that also exploited an Adobe Acrobat vulnerability.
Google said part of the attack's purpose was to access Gmail accounts of human rights activists, adding that many activists seem to have been separately targeted with attacks designed to gain access to their accounts.
We have no indication that any of our mail properties have been compromised, a Microsoft spokesman told Reuters.