Provos says that Google’s Safe Browsing infrastructure, which scans websites for malicious content, picked up the attack in early March.
The attackers targeted Amazon’s CloudFront and then switched to Github.
Provos writes :
The attack against the cloudfront hosts stops on March 25th. Instead, resources hosted on github.com were now under attack.
Safe Browsing detected 8 websites serving malicious scripts targeting Github, all hosted on baidu domains :
- cbjs.baidu.com (22.214.171.124)
- eclick.baidu.com (126.96.36.199)
- hm.baidu.com (188.8.131.52)
- pos.baidu.com (184.108.40.206)
- cpro.baidu.com (220.127.116.11)
- bdimg.share.baidu.com (18.104.22.168)
- pan.baidu.com (22.214.171.124)
- wapbaike.baidu.com (126.96.36.199)
Data published by Google make it clear that attacks on such a scale will be detected and cannot be covert.
Provos hopes “that the external visibility of this attack will serve as a deterrent in the future”.
Will China get the message ?