Dok Microsoft užurbano popravlja ranjivosti unutar Internet Explorer-a (njih čak 7, u okviru zadnjeg update-a) i dok manje skupine hakera diljem svijeta iskorištavaju te iste ranjivosti za svoje aktivnosti (zadnji veliki napad na mreže za procesiranje kreditnih kartica u Koreji odnio je čak 160,000 dolara), čini se da elektronički rat između Amerike i Kine ne jenjava. Spoof-irani e-mailovi poslani su na različite adrese osoba povezanih s američkom vojskom, u kojima se nalazi PDF koji sadrži članak vezan uz nedavne događaje (napad na Google). Pri otvaranju PDF-a instalira se backdoor na računalu, pomoću ranjivosti Adobe-ovog software-a. Zgodno je još spomenuti da je Microsoft znao za ranjivosti u IE-u još od rujna 2009., ali je zakrpu izdao tek krajem siječnja ove godine, kao i da neki sigurnosni istraživači tvrde kako je Google bio obvezan ugraditi backdoor sustav unutar svog Gmail sustava kako bi bio u skladu sa zakonom (što je praksa i u drugim zemljama, osim Kine) te da su kineski hakeri preuzeli kontrolu upravo nad tim backdoor-om.

Detaljnije (na engleskom):

A screen shot posted on F-Secure's Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header 'Chinese cyberattack,' offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user's system, F-Secure said. The flaw was patched by Adobe last week.

F-Secure reported seeing targeted attacks using similarly poisoned PDF files being directed at U.S. military contractors earlier this week. In that case, the e-mails were designed to appear as if they were from the U.S. Air Force and purported to contain information on an actual Department of Defense event scheduled for later this year.

F-Secure also said it has learned of a similar e-mail targeting the "intelligence sector," but offered no further details.

Attacks that attempt to take advantage of popular news events or stories to fool users into clicking on malicious attachments or browsing to malicious sites have become common in recent years. What's different now is that such attacks are being directed at specific individuals and are increasingly tailored to appear as if they are from a trusted source. Many of the so-called Advanced Persistent Threats (APT) faced by large companies such as Google rely heavily on social-engineering tricks to get targeted individuals to open infected e-mails or download malicious files.