Ad: Click for helpful tips from Canon
  • CNET
  • All stuxnet posts

stuxnet

Microsoft to plug critical IE, final Stuxnet Windows holes

Microsoft said today that next week's Patch Tuesday will bring 17 updates plugging 40 holes and featuring two rated "critical," including one in Internet Explorer that was targeted in attacks last month.

The critical IE vulnerability was written for IE 6 and 7 but IE 8 is also vulnerable, Microsoft said when it issued a warning about it in November.

Also fixed on Tuesday will be the final of four holes in Windows that the Stuxnet malware used.

"This is a local Elevation of Privilege vulnerability and we've seen no evidence of its use in … Read more

Buzz Out Loud 1355: We're Gowalla-ing to Disneyland! (podcast)

On today's show, Gowalla teams up with Disney to offer virtual pins, instead of the real ones everyone actually wants. And we discover Molly's never been to Disneyland, so maybe Gowalla should sponsor a road trip! Also, Google eyes Groupon, Cox becomes the first cable company to get into the mobile phone game, and carriers threaten to stop subsidizing iPhones if Apple tries to free the phone from carrier confines. --Molly

Subscribe:  iTunes (MP3)iTunes (320x180)iTunes (640x360)RSS (MP3)RSS (320x180)RSS (640x360)Read more

Symantec to Congress: Stuxnet is 'wake-up call'

The Stuxnet worm is a "wake-up call" because of its complexity and its aim at critical infrastructure systems, a Symantec director told a U.S. congressional committee today.

The malware is a milestone in many ways, Dean Turner, director of Symantec Security Response's Global Intelligence Network, said in testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs.

It is the first known threat to: spy on and reprogram industrial control systems and grant hackers control of critical infrastructures; use four zero-day vulnerabilities; compromise two digital certificates; inject code into industrial control systems and … Read more

McAfee: Spam down, but malware up

Spam hit a two-year low this past quarter, but malware is at an all-time high, according to McAfee's latest Threats Report.

Out today, the "McAfee Threats Report: Third Quarter 2010" (PDF) found that though spam is still high, it continued its overall decline from January, both globally and nationally. With the exception of Russia, Greece, Belarus, and Indonesia, all countries tracked by McAfee showed a drop in spam levels.

So much for the good news.

On the down side, malware has reached an all-time high, according to the security technology company, which identified an average of 60,000 new threats each day in the third quarter, almost quadrupling since 2007. For 2010 so far, McAfee has discovered 14 million unique pieces of malware, a million more than this time last year.

One of the more "sophisticated" threats that reared its head this year was the Zeus botnet, designed to steal information during banking transactions. Over the third quarter, Zeus expanded its scope by targeting mobile devices, specifically attempting to grab SMS messages sent to validate the transactions. McAfee also noticed a rise in e-mail campaigns launched to spread the botnet by sending out messages claiming to come from FedEx, the IRS, the U.S. Post Office, and other such parties.… Read more

Symantec: Stuxnet clues point to uranium enrichment target

Symantec researchers have figured out a key mystery to the Stuxnet worm code that strongly suggests it was designed to sabotage a uranium enrichment facility.

The program targets systems that have a frequency converter, which is a type of device that controls the speed of a motor, Eric Chien, technical director of Symantec Security Response, told CNET today. The malware looks for converters from either a company in Finland or Tehran, Iran.

"Stuxnet is watching these devices on the target system that is infected and checking what frequency these things are running at," looking for a range of … Read more

Urban model for cybersecurity ed: San Diego

A Slovakian antivirus company with its American headquarters in San Diego is trying to make good cybersecurity just as much a part of the local fabric as good beaches and Chargers football.

Eset launched the Securing Our eCity program with the San Diego Chamber of Commerce two years ago to offer free workshops to consumers and small businesses on how to stay safe online. Today it has become a model for similar initiatives being launched in Malaysia, Buenos Aires, and London. And it helped with the creation of the Stop Think Connect campaign launched last week as part of National … Read more

Microsoft fixes record 49 holes, including Stuxnet flaw

In a record Patch Tuesday, Microsoft released updates today for Windows, Internet Explorer, and the .NET framework that feature fixes for 49 holes, including one being exploited by the Stuxnet worm.

Microsoft recently fixed two of the four unpatched holes being used by Stuxnet to spread to Windows-based machines. The malware ultimately targets systems running software from Siemens that is used in critical infrastructure operations. Today's release plugs one (MS10-073) of the remaining two holes and the company said in a blog post that the final hole will be addressed in an upcoming security bulletin.

Meanwhile, Microsoft provided a … Read more

EU calls Stuxnet 'paradigm shift' as U.S. responds more mildly

While official U.S. response has been comparatively mild, the European Union's cybersecurity agency says Stuxnet represents a "paradigm shift" in critical infrastructure threats and that current defense philosophies need to be reconsidered.

In a statement released yesterday, Udo Helmbrecht, the executive director of ENISA (European Network and Information Security Agency), said that as a "new class and dimension of malware," Stuxnet represents a "paradigm shift."

"The attackers have invested a substantial amount of time and money to build such a complex attack tool," he said. "The fact that perpetrators … Read more

Stuxnet: Fact vs. theory

The Stuxnet worm has taken the computer security world by storm, inspiring talk of a top secret, government-sponsored cyberwar, and of a software program laden with obscure biblical references that call to mind not computer code, but "The Da Vinci Code."

Stuxnet, which first made headlines in July, (CNET FAQ here) is believed to be the first known malware that targets the controls at industrial facilities such as power plants. At the time of its discovery, the assumption was that espionage lay behind the effort, but subsequent analysis by Symantec uncovered the ability of the malware to control … Read more

RIM BlackPad today?

  Links from Monday's episode of Loaded: Research in Motion venturing off to the tablet world Stuxnet corrupted Iran's first nuclear power plant iPhone 4 on sale in China Ping, Apple's social music service, gets an update