A rash of new clues surrounding the Sykipot computer virus having its way with the US unmanned aircraft fleet suggests the malware originated in China, and explains how it has been used.
Mathew J. Schwartz of InformationWeek reports that the virus appears to have been designed with the sole purpose of stealing UAS data using a “zero-day” vulnerability in Adobe Reader.
A zero-day attack is launched using a vulnerability that is unknown to the software’s developer and shared among attackers, who exploit the fault before a patch is put in place.
The virus was inserted into the military’s network using infected PDF files and was specifically targeted to look for information on the Boeing X-45 unmanned combat air system and the Boeing X-37 orbital vehicle.
The X-37 recently had its classified mission extended nine months, leading to speculation about its orbital activities. China, too, seems to have questions regarding its mission.
This most recent attack seems to have begun in August 2011, but another variant of the Sykipot virus goes back to 2006. The older version used obfuscated script files, taking advantage of an Internet Explorer vulnerability.
Finally, both versions used servers known as Netbox, 80 percent of which are located in China. This may explain why its documentation and error messages both come up in Mandarin…
Source: Business Insider