First known attacks using the Aurora malware that compromised Google weren t discovered until late last year. Some parts of the malware codebase has been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that time frame. The Aurora codebase comprises several discrete modules that each perform separate tasks during the exploitation, installation and remote-control process. Some of the Aurora code was cribbed from other sources, but not most of it was.
Source: https://threatpost.com/aurora-attack-malware-components-may-be-four-years-old-012010/73406/