Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities


It Came From Outer Space

Life from the sky.

DNA building blocks found in meteorites

For 50 years, scientists have debated whether the components of DNA — the molecule central to all life on Earth — could spontaneously form in space. A new analysis of a dozen meteorites found in Antarctica and elsewhere presents the strongest evidence yet that the answer is yes.

Meteorites are space rocks that have fallen to the ground, and the new report bolsters the notion that heavy meteorite bombardment of the early Earth may have seeded the planet with the stuff of life.

“[M]eteorites may have served as a molecular kit providing essential ingredients for the origin of life on Earth and possibly elsewhere,” write the authors of the report out today in the Proceedings of the National Academy of Sciences.

See also:
Found: A Batch of DNA Molecules That Seem To Have Originated in Space
Building Blocks of DNA Found in Meteorites From Space
NASA: Building blocks of DNA ‘can be made in space’
DNA in Meteorites Suggests Life Came from Space
DNA components confirmed to come from space
Scientists find building blocks of life in meteorites
NASA researchers find DNA building blocks can be made in space
DNA From Asteroids

Hey, if these DNA-laden meteorites are showing up on Earth, they’re showing up on other planets too, thereby making the possibility of life elsewhere in the universe much more plausible.

/God works in mysterious ways

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spyware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

What Was The [Expletive Deleted] Point?

First they promised to cut $100 billion, then said what they really meant was that they’d hold out indefinitely for $60 billion, then they totally caved in to the Democrats, compromising on $38 billion, and in the end all we got was a lousy $352 million in cuts. What a gyp, shame on the spineless Republicans.

Budget deal: CBO analysis shows initial spending cuts less than expected

A federal budget compromise that was hailed as historic for proposing to cut about $38 billion would reduce federal spending by only $352 million this fiscal year, less than 1 percent of the bill’s advertised amount, according to the Congressional Budget Office.

Although that analysis dampened enthusiasm for the deal among many Republicans on Thursday, the House and the Senate approved the measure with bipartisan support. President Obama is expected to sign the bill Friday, officially ending the prospect of a government shutdown.

The findings from the budget office warned that the deal may never come close to delivering on its promises. The analysis found that $13 billion to $18 billion of the cuts involve money that existed only on paper and was unlikely to ever be tapped.

See also:
U.S. Budget Analysis Shows Smaller Savings
CBO Says Budget Deal Will Cut Spending by Only $352 Million This Year
Forget $38B: Budget only cuts $352 million this year
Deal Approved but Debate Continues Over Actual Extent of Spending Cuts
Budget cuts too small for many conservatives
Spending cuts fall short of $38 billion: CBO
How Washington Turned $38 Billion Into $352 Million
CBO: 2011 Budget Cuts Far Less Than Promised
Editorial: Washington’s $38 Bil In ‘Cuts’ Are Bogus

This is insane, the United States is $14 trillion in debt, the world bond markets could decide to cut up our national credit card at any given moment, the laws of mathematics dictate that the American economy will completely collapse by 2037, and these congressional buffoons spent the entire last month arguing over cutting $352 million?

The 2012 elections can’t come fast enough. We need to start with a new President and Republicans taking control of the Senate and keeping control of the House. It’s apparent that one party rule, with a party that’s serious about restoring fiscal sanity (and that ain’t the Democrats), is going to be required to stop this country from careening off the cliff of financial ruin.

/and, if that doesn’t work, we’ll have to get us some new Republicans starting in 2014