Bonum Certa Men Certa
If Microsoft Loves Miguel and Novell, Then They Must be Good for GNU/Linux, Right? | IRC: #boycottnovell @ FreeNode: January 14th, 2010

Chinese Google 'Attack' Involves Microsoft Windows Flaws

China satellite image



Summary: It is not Google's fault but Microsoft's fault that China managed to compromise accounts not just of Google but of over 20 other companies, by Microsoft's own admission

YESTERDAY we mentioned Google's reaction to attacks from China, which are now confirmed to be targeting different companies. It was not something against Google as Google is one among several victims and some people doubt there will be an exit from the largest Internet market.



How would leaving the Chinese market actually prevent Chinese crackers from connecting to Google servers? It would not.

Hacking Risks Persist Even If Companies Withdraw From China



Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.


Perhaps the most interesting revelation, which was found buried deep inside reports, is the role of Windows in these attacks on Google. Check this one out for example: (the emphasis in red is ours)

More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.

[...]

While July's attacks were detected early and were largely uneventful, December's attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman's terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims' technology infrastructure has been compromised since July.


When one in two Windows PCs is said to be a zombie PC, the above should not be surprising. This was a targeted attack which must have relied on China activists' use of Microsoft Windows.

As the name suggests, the carefully crafted assaults differ from the net-cast-wide malware most often seen. A targeted attack specifically selects its victim and generally sends an e-mail using that person's name and perhaps business title. The body of the message might reference an attached list of business contacts, or describe it as an invoice, or use any other hook that would allay suspicion and convince the victim to double-click the attachment.


Real activists do not use Windows and should use GNU/Linux. A few moments ago, our reader Jose added information that confirms the above. It's an AP article titled "Microsoft's browser flaw exposed Google to hackers" and it says (in the opening): "Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies."

In other news, a bank server has just been compromised and Baidu got hit by the same group that exploited Windows botnets to take down Twitter [1, 2, 3, 4, 5, 6]. We mentioned this story here and there's more from The Register:

The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.

Surfers visiting Baidu site on Monday night were confronted by the message "This site has been hacked by Iranian Cyber Army", together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu's DNS records rather than a direct attack on the site itself, but this remains unconfirmed.


Baidu -- unlike Google -- was not a victim of customers who use Windows. Google should tell customers that it's not Google that's vulnerable; it's Windows. Customers should therefore rethink their platform preferences. The same already goes for banks, for similar reasons.

Comments

If Microsoft Loves Miguel and Novell, Then They Must be Good for GNU/Linux, Right? | IRC: #boycottnovell @ FreeNode: January 14th, 2010

Recent Techrights' Posts

SLAPP Censorship - Part 115 Out of 200: Spending the Next Decade Writing About SLAPPs and Trying to Fix the System
It's the same industry that got paid by corrupt EPO officials to try to cover up the corruption
 
Greece Ought to Curb the Threat of Social Control Media
its national discourse seems to be run by an American company called Facebook
State of the GNU/Linux Desktop (and Laptop)
The time to advocate GNU/Linux is now
The 'XBox Narrative' Distracts From Destructive Cuts Across the Whole of Microsoft
Microsoft is preparing to lay off a likely record-breaking number of people [...] this isn't just an XBox problem
Microsoft's Stock Fell Nearly $200, But the Real Problems Are Just About to Begin
if they dump slop, what will they tell shareholders?
The Cyber Show on Starmer and Software Freedom
The Cyber Show's Andy has just explained why our departing national leader wasn't all bad
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 22, 2026
IRC logs for Monday, June 22, 2026
Gemini Links 23/06/2026: Girlrotting, Homeworlds at BGA, Slop Ruins Sites
Links for the day
A Lifetime of Whistleblowing
Ellsberg did not have an easy life, but it was a rewarding life with a rich legacy focusing on justice
European Patent Office (EPO) Series: A Man With Many Missions...
Campinos – accompanied by Gilles Requena and Patrice Pellegrino
Links 22/06/2026: Ubisoft Co-founder Dies, Americans Have Turned Against Slop
Links for the day
Links 22/06/2026: "The Sycophancy Machine" and "Port 22 Open for 54 Days"
Links for the day
When People Who Make the Most Money Are the Best "Boot Lickers" (Sucking Up to Jeffrey Epstein's Circle and the Dictator)
Sucking up to rich people may pay off
The Aim is Not Fame
Reposted from schestowitz.com
"Internally Important, Externally Irrelevant": IBM in a Nutshell
Right now its debt spins out of control and its stock spirals down the drain
SLAPP Censorship - Part 114 Out of 200: Thousands of Long Articles to Come, Properly Covering the SLAPP Industry in the UK and Its Modus Operandi
"Stowell described SLAPPs as ‘a stain on our legal system’."
Finding a Way to Get Paid to Improve LibreJS
So now we have more people resurrecting LibreJS and improving it
Microsoft Can't Even Wait Until July, Shutdowns and Layoffs Already Happening
Mashable speak of "a grim picture for the state of Xbox."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 21, 2026
IRC logs for Sunday, June 21, 2026
Gemini Links 22/06/2026: Appreciating Simple Things, Perfect Summer Evening, IRIX, Vim and so
Links for the day
Chad's Move to GNU/Linux or the Point of Exceeding 5% "Market Share"
experienced centuries of being colonised
Gemini Links 21/06/2026: Dating Oaks, Paying With Cash, and "More on Withered Technology"
Links for the day
GAFAM is Drowning in Debt, GAFAM is Clearly Not Sustainable Anymore (It Runs on Borrowed Money and Bailouts)
The war and surrender in Iran will deepen the debt; we'll see the GAFAM reports in late July
GAFAM Was Never an Ally to Europe
Only 1 in 10 Europeans see US as an ally — study [...] military providers in "tech" clothing cannot be trusted
GitHub, LinkedIn, and XBox Will Finish Like Skype (Sustainability Crisis)
Skype should become a verb. When Microsoft 'Skypes' something it means it basically shuts it down with some temporal excuse/s.
Drowning in Garbage: AUR Shows That Too Much Low-Quality Software (Including Slop) is Bad for Everybody
What happened in AUR had happened elsewhere before and will happen again in the future
Links 21/06/2026: EU on Patented (Monopolised) Crops, Microsoft Software "Narcs on You to Your Boss"
Links for the day
Microsoft at 50 Follows the General Trajectory of Skype
How many years does Microsoft have left before payroll becomes impossible?
A Year After a Microsofter Took Over The Register MS It is Effectively a Content Farm With News as a 'Side Dish'
This is not journalism, this is spam
IBM Pays the Media and Cons Some 'Journalists' Into Participating in "Quantum" Spam
"The Boy Who Cried Wolf"
You Don't Need an 'App' for Your Birdhouse (Slopfondlers Come for Birds)
That they sell those things as "AI" really says a lot about how dishonest slopfondlers really are
SLAPP Censorship - Part 113 Out of 200: The United Kingdom is Not Turkey
Turkey is ranked almost worst in the Western World for press freedom
Cybersecurity Does Not Mean Asking Microsoft for Permission to Boot
There were very good and timely reasons to speak about the matter, including impending antitrust complaints against Microsoft
Links 21/06/2026: Bots from Alibaba Do Harm and Many Xbox Games Are Being Cancelled
Links for the day
5 Years After Release of Vista 11 Not Even One in 5 People Use It (in the US)
It doesn't look like Vista 11 will ever be adopted like prior versions and announcing a Vista 12 will mostly upset companies/organisations that only recently "upgraded" to 11
Gemini Links 21/06/2026: Boca Raton, Perfect Summer Day, and LLM Doing Things Poorly
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 20, 2026
IRC logs for Saturday, June 20, 2026