John Markoff, writing in the New York Times, has reported that SecureWorks researcher Joe Stewart found a distinctive algorithm – only ever published on Chinese web sites – used in the Hydraq Trojan which installed back-door malcode used in the attack on Google. Hydraq also is called Aurora.
The code was used for error-checking of transmitted data.
Google said last week it was thinking of withdrawing from China after attacks from that country on it and more than two dozen other companies. The attacks on Google were aimed at the Gmail accounts of dissidents and Google’s source code. The attacks on the other companies were aimed at stealing intellectual property.
NYT piece here.
Tom Kelchner