Archive for October 18th, 2011

W32.Duqu – Advanced malware threat modeled after Stuxnet

Duqu is a sophisticated new threat that appears to have been written by the same group that authored Stuxnet (one of the most advanced malware attacks developed to date).

W32.Duqu – Advanced malware threat modeled after Stuxnet
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%e2%80%93-further-tales-of-the-stuxnet-files

QUOTE: Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational. The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out.

Privacy – Managing the flow of sensitive information

Privacy involves the protection of sensitive information as it flows throughout an organization. F-Secure has an interesting article related to the psychology of this process:

F-Secure: Privacy is a way of managing information flow
http://www.f-secure.com/weblog/archives/00002254.html

QUOTE: Why are people so willing to give away their personal information to complete strangers? It’s because humans want to share information. And in fact, they share information a lot more freely than other “things” such as goods and services. Which of these are you most likely to provide without thinking much about it?

  •  To give a stranger directions to the bus stop (information).
  •  To take a stranger to the bus stop (service).
  •  To give a stranger bus fare (goods).

If you’re like most people, you’ll freely give directions, but you’ll resist giving away your money. “Managing our privacy” isn’t a natural act. What maintained our privacy in the past was that it was generally inconvenient to spy on people. Platforms such as Facebook present a new, unique problem, and new solutions (filters) are needed, rather than re-tooling old existing filters.

Trend Labs – Highlights from Virus Bulletin 2011 Barcelona

Several informative links are noted in this summary.

Trend Labs – Highlights from Virus Bulletin 2011 Barcelona
http://blog.trendmicro.com/highlights-from-vb-2011-barcelona/

QUOTE: This year, we had the privilege of attending the 21st Virus Bulletin International Conference in Barcelona, Spain. Researchers from Trend Micro presented three topics in the corporate stream and one topic in the technical stream.

Ethan YX Chen covered file-fraction reputation for the technical stream on day 1.

For the corporate stream on day 2, Max Goncharov presented on traffic direction systems as malware distribution tools.

David Sancho and Rainer Link talked about the lessons they learned while sinkholing botnets.

Trend Micro global director of education David Perry talked about the missing metrics of malware.

The presentation entitled “An OpenBTS GSM Replication Jail for Mobile Malware,” by Axelle Apvrille, discussed the challenges security researchers faced when analyzing mobile threats.

The presentation about fraud malware analysis showed us that FAKEAV/fake tools have been around for some time now and will probably be there for even longer because of their capability to adapt to changes in the computing landscape.

In his presentation, Tim Ebringer of Microsoft brought out the issue regarding difficulties with finding other malware samples related to one particular file.

GCN – Lists ten of the scariest computer viruses of all time

There are many additional ones that could be added to the list, including some of these in my own top ten: Conficker, Sasser, CIH, Blaster, Nimda, SQL-Slammer, Klez, SoBig, Netsky, AntiExe, etc.

GCN LAB IMPRESSIONS – The 10 scariest computer viruses of all time
http://gcn.com/articles/2011/10/14/10-scariest-computer-viruses-of-all-time.aspx

QUOTE: The dreary winter months are approaching, and little ghosts and goblins are starting to crawl from their haunts. With the spooky Halloween season about to get into full swing, we thought we might help get into the mood with a look at the 10 most frightening viruses of all time. Hide your hard drives, lock up your files and make sure your AV shields are at maximum power as we enter…the dark realm of computer programs gone bad.

10. Virus infecting U.S. fleet of combat drones
9. Creeper wasn’t actually all that malignant, and it only affected TENEX operating systems in the 1970s.
8. Suddenly, in 2007, Stoned.Angelina came back to infect more than 100,000 PCs running the new operating system.
7. Stuxnet – cripple the Iranian nuclear program.
6. Anna Kournikova virus in 2001
5. Back Orifice is not really a virus per se, but gives remote access privileges to someone at another computer
4. Christmas Tree EXEC program paralyzed a lot of internal networks in 1987
3. Code Red virus was one of the first to successfully target Web servers running IIS in 2001
2. Melissa virus of 1999
1. I Love You virus, which racked up an impressive kill tally of tens of millions of computers in the year 2000.
Top ten email viruses of all time (from 2004)
http://msmvps.com/blogs/harrywaldron/archive/2004/07/20/10421.aspx