September 2010 Archives
Posted By Netgear Threat Lab at 12:32 PM, September 28, 2010
Stuxnet began in July earlier this year and rapidly gained popularity because it is the first known malware specifically designed for an SCADA system and also for the theft of the digital certificates of some hardware companies. These in addition to reports that Stuxnet is targeting an Iranian nuclear power plant has created quite a stir.
Earlier variations of Stuxnet used a forged autorun.inf file in mobile USB hard disks to spread. Later on it also spread by exploiting the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (again, this is primarily through mobile USB hard disks). More recently, it has added another method of transmission by using a loophole in the Microsoft Print Spooler service. (This vulnerability has been patched by on Sept. 15th).
Posted by: Netgear Threat Lab at 12:32 PM
Categories: Netgear Threat Lab
Posted By Pete at 3:58 PM, September 24, 2010
Up until now I've been nothing but happy with my desktop/laptop security software suite (A friendly vendor not to be named). I can be less paranoid and have a sense of security when treading in less than legit Internet waters. However, over the past week the software has been driving me crazy.
Like any other piece of software with annual licensing, when it comes time for renewal it generates a popup on your screen reminding you to renew. Even our UTM and STM have this type of mechanism built in. The difference is, this reminder bug pops up waaaay too often. It's there when I boot up, when my computer comes back from hibernation, wakes up from sleep, when I look at my security settings...you get the point.
I can live with once or twice a day but jeez...enough is enough. Regardless, I'm going to renew just because it works great - for 341 days of the year.
Posted by: Pete at 3:58 PM
Posted By Pete at 2:52 PM, September 23, 2010
One particular aspect of the Stuxnet worm that has raised eyebrows is the complexity of the worm. Not only does Stuxnet use a new way of propagating (by using specially crafted shortcut .lnk files), it also exploits four previously unpublished vulnerabilities in Windows, use stolen digital certificates to sign its own drivers, and is able to hide itself like a rootkit.
The sophisticated techniques used indicates a lot of careful planning and thought as well as expertise was put into Stuxnet. Personally, I feel that this is only the beginning and that we will see a new "cold war" featuring highly specialized malware attacking high priority targets.
Looks like governments and corporations throughout the world will be heavily investing in this area for both "good" and "bad" purposes.
Posted by: Pete at 2:52 PM
Posted By Pete at 2:34 PM, September 23, 2010
The Stuxnet worm has created quite a stir lately and has reached headlines of most major news outlets. What makes this worm different from the thousands of other active worms?
Unlike worms and other malware in the past, Stuxnet does not target your average PC sitting on the Internet. Rather, the worm spreads via USB drives and once it infects a machine, it targets a specific industrial control software used by Siemens. Once such a system has been identified, the Stuxnet payload reprograms the PLC (programmable logic control) of the control software and can give new instructions to the actual machinery itself - potentially turning motors on and off, shutting down cooling systems, and other good stuff (sounds like right out of a sci-fi movie right?)
Make no mistake, this is one piece of sophisticated weaponry. All indicators point that Stuxnet was created to attack an Iranian nuclear power plant. The plot thickens.
Posted by: Pete at 2:34 PM
« August 2010 |
Main Index |
| October 2010 »