George Kurtz of McAfee is providing some details about the hack attack against Google et al. purportedly originating in China. One of his comments:
I am sure you are wondering about the name “Aurora.” Based on our analysis, “Aurora” was part of the filepath on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer. We believe the name was the internal name the attacker(s) gave to this operation.
It seems sort of strange to me to have Chinese malware in a file path including “aurora”. I am going to speculate that there is more than meets the eye here. Maybe POC code being used by the Chinese or some sort of contract work…
[I suppose there is no reason to make a big deal of the fact that a Google employee is using an old version of IE instead of Chrome, right?]
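The compiler-inserted debug path Kurtz describes is stored in a binary's CodeView debug record, which an analyst can read straight out of the file. The following is an added example, not code from McAfee or from this post: it finds RSDS (PDB 7.0) and NB10 (PDB 2.0) records by signature scan rather than by walking the PE debug directory, and the sample bytes, GUID and path are constructed.

```python
import struct
import uuid

# Bytes from the start of the signature to the NUL-terminated PDB path.
# RSDS: sig(4) + GUID(16) + age(4); NB10: sig(4) + offset(4) + timestamp(4) + age(4)
HEADER_LEN = {b"RSDS": 24, b"NB10": 16}

def _read_path(data, start, limit=520):
    """Return the NUL-terminated string at start if it looks like a .pdb path."""
    end = data.find(b"\x00", start, start + limit)
    if end <= start:                      # no terminator in range, or empty string
        return None
    path = data[start:end].decode("utf-8", "replace")
    return path if path.lower().endswith(".pdb") and path.isprintable() else None

def find_pdb_records(data):
    """Scan raw file bytes for CodeView records and return their fields."""
    records = []
    for sig, hdr in HEADER_LEN.items():
        pos = data.find(sig)
        while pos != -1:
            path = _read_path(data, pos + hdr) if pos + hdr <= len(data) else None
            if path:                      # rejects signature bytes that occur by chance
                if sig == b"RSDS":
                    ident = str(uuid.UUID(bytes_le=data[pos + 4:pos + 20]))
                    age = struct.unpack_from("<I", data, pos + 20)[0]
                else:
                    _offset, stamp, age = struct.unpack_from("<III", data, pos + 4)
                    ident = f"timestamp={stamp}"
                records.append({"format": sig.decode(), "id": ident,
                                "age": age, "path": path})
            pos = data.find(sig, pos + 1)
    return records

def path_components(path):
    """Split a build path into directory names, which may reveal project names."""
    return [p for p in path.replace("/", "\\").split("\\") if p]

# Constructed sample: a stub header followed by one RSDS record (not real malware data).
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_PATH = rb"C:\build\ExampleProject\Release\sample.pdb"
SAMPLE = (b"MZ" + b"\x00" * 62 + b"RSDS" + SAMPLE_GUID.bytes_le
          + struct.pack("<I", 1) + SAMPLE_PATH + b"\x00" + b"\xcc" * 8)

if __name__ == "__main__":
    for rec in find_pdb_records(SAMPLE):
        print(rec["format"], rec["id"], rec["age"], path_components(rec["path"]))
```

The path is whatever the build machine wrote and can be changed or stripped at link time, so treat it as a lead for clustering samples rather than proof of origin.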