Analysis by experts at Symantec turned up clues pointing to Beijing, China, as the primary location from which the command and control (C&C) server was run, on the largest ISP of the country. On one occasion, the attackers even used a huge number of malicious files in Zhejiang province, Symantec claims.
Researchers, however, claimed that the majority of the files used during the attacks consisted of a PDF that at a later stage dropped a highly virulent Trojan. It is also assumed that other tools, including gsecdump, were used successfully during the attack.
It has also been revealed that the files were explicitly received and saved to the computer from a specific address using an instant messaging client popular in Asia. However, researchers were unable to trace the contact number used to circulate the malware to a particular individual.
...