by wrekkuh
5041 days ago
Leveraging the 'watering hole' technique to penetrate one network in order to gain entry into another, more compelling system (the actual target) is clever but nothing new. The recon work represented by Symantec's technical report, however, is fascinating to me. It's a great summary of the attacker's methods: reusing code, the quality of the code used, and statements (albeit brief) comparing the techniques used in what would normally seem to be unrelated attacks. I also found it no surprise that 0days in this case were routinely wrapped in Shockwave to deliver payloads for guaranteed execution. AV companies may be snake oil salesmen, but I hope they at least fund research like this a bit more aggressively.
1) A bountiful supply of cash
2) A reputation
#1 pays the bills, #2 gets them in the door. Symantec and others make their #1 with the snake oil such that they can afford to lose a bit of #1 in order to gain #2. With enough #2 they can hire big names, work with large companies and suddenly you have a pretty strong group that's capable of writing articles like this.
In all hopes we'll see this type of malware understanding get pushed through to the actual detection schemes. Instead of reactionary scanning and detection of files, we can start to look towards behavioral scanning. False positives are probably the worst part of this for the consumer, since they just want their snake oil without side effects.