26. September 2010 · Who’s Behind Stuxnet? The Americans? The Israelis? – Security Watch · Categories: Malware, Zero-day

Who’s Behind Stuxnet? The Americans? The Israelis? – Security Watch.

The security research community continues to marvel at the sophistication of Stuxnet. In fact, there is a growing body of opinion that Stuxnet must have been developed with government sponsorship. Since 58% of identified infections seem to have occurred in Iran, the two obvious countries attracting speculation are the United States and Israel.

Previously, I’ve written about Stuxnet on August 14, September 15, and September 17.

Aside from the extremely precise targeting of Stuxnet, what is striking is that it exploited four different 0-day (previously unknown and unpatched) vulnerabilities.

If this is not a wake-up call for the need for specialized 0-day malware defenses, I don’t know what is.

15. September 2010 · Microsoft addresses one of the Stuxnet related zero-day vulnerabilities · Categories: Malware, Vulnerabilities, Zero-day

Today’s round of Microsoft patches addresses a variety of issues, including one of the Stuxnet-related zero-day vulnerabilities (the Print Spooler flaw, fixed in MS10-061). Stuxnet actually leverages four different zero-day vulnerabilities! For more details, see the linked coverage. Computerworld has a more detailed article about Stuxnet: Siemens: Stuxnet worm hit industrial systems.

14. September 2010 · New attacks leverage a zero-day vulnerability in Adobe PDF reader · Categories: Malware, Zero-day

Via ThreatPost yesterday:

Security researchers [at Symantec] say that a new wave of attacks suggests that the malicious hackers behind a security compromise [Aurora] at Google and a number of other prestigious U.S. firms are back in business, this time using an unpatched security flaw in Adobe’s PDF (Portable Document Format) Reader application.

The post is well linked for background information on Aurora.

28. August 2010 · Windows DLL exploits boom – how to thwart them · Categories: Boundary Defense, FireEye, Zero-day

On August 23, 2010 Microsoft issued Security Advisory 2269637, warning about a new method of attack based on the order in which Windows searches for a DLL when the program loading it does not specify a full path: an attacker who can place a DLL with the expected name in a directory that is searched before the legitimate copy (for example the current working directory) gets that DLL loaded instead. InfoWorld’s Woody Leonhard, among others, had an article about this on August 24 – Heads Up: A whole new class of zero-day Windows vulnerabilities looms.

In a matter of days, hackers were publishing attacks against many Windows apps including Firefox, Chrome, Word, and Photoshop. See Windows DLL exploits boom (August 26).

This is just one example of the speed with which zero-day attacks can proliferate. This is a particularly bad situation because a single Windows loader behavior, not a bug in any one program, is being used to create a large number of zero-day attacks across a wide range of applications, so there is no single patch that closes them all. We recommend organizations deploy FireEye to counter these zero-day attacks.
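To make the search-order problem concrete, here is an added PowerShell example; it is not code from the original post, from Microsoft or from InfoWorld. It reconstructs the DLL search order Windows uses when a program loads a library by bare name, honouring the two Session Manager registry values that change it (SafeDllSearchMode, and the CWDIllegalInDllSearch value that Microsoft's KB 2264107 fix for Advisory 2269637 introduced), and reports whether a DLL planted in the current working directory, such as the network share a document was opened from, would be found before any legitimate copy. The DLL name, application directory and share in the usage lines are made-up illustrative values.

```powershell
# Added example (not from the original post). Registry value names are Microsoft's;
# the sample DLL name, application directory and share at the bottom are invented.

function Get-DllSearchOrder {
    param(
        [Parameter(Mandatory)] [string] $AppDirectory,            # directory of the executable
        [string] $WorkingDirectory = (Get-Location).ProviderPath  # the process's current directory
    )
    $sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    # SafeDllSearchMode has defaulted to 1 since Windows XP SP2. A value of 0 moves the
    # current directory up to second place, right after the application directory.
    $safe = (Get-ItemProperty -Path $sessionMgr -Name SafeDllSearchMode -ErrorAction SilentlyContinue).SafeDllSearchMode
    if ($null -eq $safe) { $safe = 1 }

    # CWDIllegalInDllSearch (KB 2264107): 0xFFFFFFFF removes the current directory from the
    # search altogether. Get-ItemProperty returns a REG_DWORD as a signed Int32, so that value
    # reads back as -1. Values 1 and 2 only restrict remote (WebDAV / UNC) working directories
    # and are not modelled here.
    $cwdPolicy = (Get-ItemProperty -Path $sessionMgr -Name CWDIllegalInDllSearch -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
    $cwdSearched = ($cwdPolicy -ne -1)

    $order = [System.Collections.Generic.List[string]]::new()
    $order.Add($AppDirectory)
    if ($safe -eq 0 -and $cwdSearched) { $order.Add($WorkingDirectory) }
    $order.Add([Environment]::SystemDirectory)                  # e.g. C:\Windows\System32
    $order.Add((Join-Path $env:SystemRoot 'System'))            # 16-bit system directory
    $order.Add($env:SystemRoot)
    if ($safe -ne 0 -and $cwdSearched) { $order.Add($WorkingDirectory) }
    foreach ($dir in ($env:Path -split ';')) { if ($dir) { $order.Add($dir) } }
    return $order
}

function Test-DllHijack {
    param(
        [Parameter(Mandatory)] [string] $DllName,       # bare name the program hands to LoadLibrary
        [Parameter(Mandatory)] [string] $AppDirectory,
        [string] $WorkingDirectory = (Get-Location).ProviderPath
    )
    $order    = Get-DllSearchOrder -AppDirectory $AppDirectory -WorkingDirectory $WorkingDirectory
    $cwdIndex = $order.IndexOf($WorkingDirectory)   # -1 when the current directory is not searched
    $firstHit = $null
    for ($i = 0; $i -lt $order.Count; $i++) {
        if (Test-Path -LiteralPath (Join-Path $order[$i] $DllName)) { $firstHit = $i; break }
    }
    $firstDir = if ($null -ne $firstHit) { $order[$firstHit] } else { $null }

    # A planted copy in the working directory wins when the loader reaches that directory
    # before any directory that already holds the DLL, or when no directory holds it at all
    # (a library the program probes for but does not ship with).
    [pscustomobject]@{
        Dll              = $DllName
        SearchOrder      = $order
        CwdPosition      = $cwdIndex
        FirstMatch       = $firstDir
        HijackableViaCwd = ($cwdIndex -ge 0) -and ($null -eq $firstHit -or $firstHit -ge $cwdIndex)
    }
}

# Usage (illustrative values): a program in C:\Program Files\SomeApp loads "helper.dll" by
# name while the user has a document open from \\fileserver\share.
Test-DllHijack -DllName 'helper.dll' -AppDirectory 'C:\Program Files\SomeApp' -WorkingDirectory '\\fileserver\share' |
    Format-List
```

Run it as an administrator-free check on any workstation: when HijackableViaCwd is true for a DLL name an application is known to load by bare name, a file with that name on the share the user opened a document from is what gets loaded, which is exactly why the end-user advice below tells you to copy the file to the desktop first.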

From an end user perspective, on August 27, Woody Leonhard published a helpful article, How to thwart the new DLL attacks. To summarize, Woody has two excellent recommendations for users:

First, never double-click on a file that’s in a potentially compromised location (opening a document from a remote share makes that share the program’s current directory, which Windows also searches for DLLs). Drag it to your desktop, then open it.

Second, make Windows show you filename extensions and hidden files.
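The second recommendation is an Explorer setting; here is an added PowerShell example, not from the original post or from Woody Leonhard's article, that reads the current state and applies the recommended values for the signed-in user. The registry path and value names are Explorer's documented settings, nothing here is invented.

```powershell
# Added example (not from the original post). Shows the weak default beside the corrected
# setting: HideFileExt=1 lets "invoice.pdf.exe" display as "invoice.pdf", and Hidden=2
# keeps hidden files (a planted DLL can be marked hidden) out of sight.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExplorerVisibility {
    $p = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        ShowExtensions  = ($p.HideFileExt -eq 0)   # 0 = show all extensions, 1 = hide "known" ones
        ShowHiddenFiles = ($p.Hidden -eq 1)        # 1 = show hidden items, 2 = do not show
    }
}

function Set-ExplorerVisibility {
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
    Set-ItemProperty -Path $advanced -Name Hidden      -Value 1 -Type DWord
    # Explorer reads these values at start-up, so restart it for open windows to pick them up.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

'Before:'; Get-ExplorerVisibility
Set-ExplorerVisibility
'After:';  Get-ExplorerVisibility
```

Both values live under HKCU, so the change is per user and needs no elevation; to roll it out fleet-wide, set the same values through Group Policy Preferences instead of running the script on each machine.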
