A PDF of the Symantec report 'The Elderwood Project' can be downloaded from <a href="http://bit.ly/Q07MpB" rel="nofollow">http://bit.ly/Q07MpB</a><p>(not a Symantec employee, just following the links)
Leveraging the 'watering hole' technique to penetrate into one network in order to gain entry into another more compelling system (the actual target) is clever but nothing new. The recon work represented by Symantec's technical report, however, is fascinating to me. It's a great summary of the attacker's methods: reusing code, quality of code used, and statements (albeit brief) about comparing the techniques used in what would normally seem to be unrelated attacks.<p>I also found it no surprise that 0days in this case were routinely wrapped in Shockwave to deliver payloads for guaranteed execution.<p>AV companies may be snake oil salesmen, but I hope they at least fund research like this a bit more aggressively.