Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month
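One way to apply, verify and later roll back the temporary workaround referenced above, as an added example that is neither the page's own content nor Microsoft's Fix it package: the commands follow the manual "deny access to T2EMBED.DLL" workaround for Windows Vista, Windows 7 and Server 2008 from Advisory 2639658 as the editor recalls it, and the DLL paths and the 64-bit handling are assumptions to be checked against the advisory before use.

```batch
@echo off
rem Added example, not from the page: apply, verify, and later undo the
rem "deny access to T2EMBED.DLL" workaround published in Microsoft Security
rem Advisory 2639658 (Windows Vista / 7 / Server 2008 variant), as recalled
rem by the editor. Check each command against the advisory itself before use.
rem Run from an elevated command prompt:  duqu-workaround.cmd  [undo]
rem Known impact: applications relying on embedded fonts may render incorrectly.

set "DLL32=%windir%\system32\t2embed.dll"
set "DLL64=%windir%\syswow64\t2embed.dll"

if /i "%~1"=="undo" goto undo

rem --- apply: take ownership, then deny Everyone all access ---
takeown.exe /f "%DLL32%"
icacls.exe "%DLL32%" /deny everyone:(F)
rem Assumption: on 64-bit Windows the 32-bit copy under SysWOW64 gets the
rem same treatment, so the font engine cannot be reached via either path.
if exist "%DLL64%" takeown.exe /f "%DLL64%"
if exist "%DLL64%" icacls.exe "%DLL64%" /deny everyone:(F)
goto verify

:undo
rem --- undo: remove the Deny entry once the permanent patch is installed ---
icacls.exe "%DLL32%" /remove:d everyone
if exist "%DLL64%" icacls.exe "%DLL64%" /remove:d everyone

:verify
rem --- verify: after "apply" a Deny entry for Everyone should be listed for
rem     the DLL; after "undo" it should be gone again ---
icacls.exe "%DLL32%"
```

Roll the workaround back with the `undo` argument once the permanent update for the font-engine flaw is installed, since the deny entry otherwise stays in place indefinitely.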

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck


Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities

Two Up, Two Down

This is the second failed flight for the HTV-2, at $160 million per splash.

DARPA issues statement on failed flight of hypersonic aircraft

The Falcon launched at 7:45 a.m. from Vandenberg Air Force Base, northwest of Santa Barbara, into the upper reaches of Earth’s atmosphere aboard an eight-story Minotaur IV rocket, made by Orbital Sciences Corp.

After reaching an undisclosed sub-orbital altitude, the aircraft jettisoned from its protective cover atop the rocket, then nose-dived back toward Earth, leveled out and began to glide above the Pacific at 20 times the speed of sound, or Mach 20.

Then the trouble began.

“Here’s what we know,” said Air Force Maj. Chris Schulz, DARPA’s program manager. “We know how to boost the aircraft to near space. We know how to insert the aircraft into atmospheric hypersonic flight. We do not yet know how to achieve the desired control during the aerodynamic phase of flight. It’s vexing; I’m confident there is a solution. We have to find it.”

See also:
Pentagon’s hypersonic flight test cut short by anomaly
Pentagon’s Mach 20 Missile Lost Over Pacific — Again
DARPA drops another HTV-2
Second Flop: DARPA Loses Contact With HTV-2
DARPA Launches and Loses Hypersonic Aircraft: Update
The Air Force Loses a Second Superfast Spaceplane
Falcon HTV-2 is lost during bid to become fastest ever plane
Falcon hypersonic vehicle test flight fails
Review Board Sets Up to Probe HTV-2 L
DARPA loses contact with hypersonic aircraft
Lost at sea. Military loses contact with hypersonic test plane
Misdirection, Always Watch What The Left Hand Is Doing

So, in order to find out what went wrong, the Air Force needs to find this tiny HTV-2 drone, that they lost contact with, somewhere in the vast Pacific ocean. Good luck with that, they never lost the first one they dunked.

/why do I get the feeling there’s not going to be a third time?

Tuesday Is The Time At Microsoft When We Patch

It’s a relatively small one this time, but critical.

Microsoft Fixes 22 Bugs in July Patch Tuesday

Microsoft addressed 22 security vulnerabilities across four security bulletins in July’s Patch Tuesday update. Three of the patches fix issues in the Windows operating system.

The four bulletins patched issues in all versions of the Windows operating system and in Microsoft Visio 2003 Service Pack 3, Microsoft said in its Patch Tuesday advisory, released July 12. Of the patches, only one has been rated “critical.” The remaining three are rated “important,” according to Microsoft.

“Today’s Patch Tuesday, though light, should not be ignored, as these patches address vulnerabilities that allow attackers to remotely execute arbitrary code on systems and use privilege escalation exploits,” said Dave Marcus, director of security research and communications at McAfee Labs.

Security experts ranked Microsoft bulletin MS11-053, which addressed a critical vulnerability in the Windows Bluetooth stack on Windows Vista and Windows 7, as the highest priority. Attackers could exploit the vulnerability by crafting and sending specially crafted Bluetooth packets to the target system to remotely take control, Microsoft said in its bulletin advisory.

See also:
Microsoft Security Bulletin Summary for July 2011
Microsoft fixes 22 security holes
Microsoft issues critical patch for Windows 7, Vista users
Microsoft Releases 4 Updates for Windows and Office
Microsoft warns of critical security hole in Bluetooth stack
Security Experts Warn of Microsoft Bluetooth Vulnerability
Patch Tuesday Fixes Critical Bluetooth Flaw in Windows 7
‘Bluetooth sniper’ Windows vuln fix in light Patch Tuesday
Microsoft Squashes Bluetooth Bug
Microsoft patches ‘sexy’ Bluetooth bug in Vista, Windows 7
Microsoft Fixes 22 Bugs in July Patch Tuesday
Businesses should not ignore critical Microsoft Patch Tuesday update, say experts
Microsoft Patch Tuesday: four security bulletins
Microsoft Patch Tuesday – 12th July 2011
Windows Update

This isn’t the first time you’ve had to update Windows, you know what to do, so get busy.

/until next time, same patch time, same patch channel

Running On Empty

Actually, we’re running beyond empty now. The United States can’t legally borrow any more money until Congress acts to raise the debt ceiling.

US government hits debt ceiling, lighting 11-week fuse

Treasury Secretary Timothy Geithner informed Congress on Monday that the United States has reached its legal debt limit, setting off a ticking time bomb that could explode in less than three months if lawmakers can’t bridge differences and allow more government borrowing.

In hitting the $14.3 trillion debt ceiling – the limit on how much the government can borrow – the Obama administration on Monday began temporarily halting payments to the retirement and federal pension accounts of federal workers and started borrowing from those funds, to be restored later.

Geithner sent a letter to Senate Majority Leader Harry Reid, D-Nev., warning that the government can move money around for about 11 weeks but if a new debt ceiling isn’t agreed to by Aug. 2, the U.S. government could effectively default on its obligations to its creditors. He warned of “catastrophic economic consequences for citizens” unless Congress raises the debt ceiling.

An increase of about $2 trillion is expected, enough to get the issue past the 2012 elections before Congress would have to lift it again.

Republicans who control the House of Representatives vow to link raising the debt ceiling to cuts in government spending of at least equal measure. In a combative statement Monday, House Speaker John Boehner, R-Ohio, upped the ante.

“As I have said numerous times, there will be no debt limit increase without serious budget reforms and significant spending cuts, cuts that are greater than any increase in the debt limit.” Boehner has called previously for $2 trillion in spending cuts as part of any deal to raise the debt ceiling.

See also:
US hits $14 trillion debt limit
US Hits Debt Ceiling, But Treasury Market Rules Out Default For Now
Deja Vu, But No Disaster: U.S. Government Hits Debt Ceiling
U.S. Hits Debt Limit, Sky Doesn’t Fall
U.S. hit debt limit today
Treasury Tapping Federal Retirement Accounts to Stave Off Default
Turbo Tim Raids Pension Plans
With Debt Limit Maxed Out, Lawmakers Hold Firm On Remedy
Rep. Jordan: U.S. won’t default if debt ceiling isn’t raised
U.S. National Debt Clock

Well, we hit the debt ceiling and, despite all the Democrat Chicken Little hysteria, the Sun didn’t explode, the seas didn’t boil, and the markets didn’t plunge thousands of points. Go figure.

/all I can say is that the Republicans had better stand firm and hold their ground this time and hold out for concrete, verifiable spending cuts that at least equal the amount of any debt limit increase

Stardust Memories

A mission well played and an efficient use of taxpayer money too. They wrung every last bit of scientific data out of every last dollar.

Lights go out on NASA’s Stardust comet mission

Fresh off a bonus flyby of comet Tempel 1 in February, NASA’s Stardust spacecraft fired its four main engines for more than two minutes Thursday, draining its fuel tank as managers said goodbye to the well-traveled comet chaser after more than 12 years in space.

With Stardust’s single hydrazine fuel tank emptied, the craft lost its ability to control its orientation and the probe’s solar panels were expected to lose track of the sun, and officials anticipated the mission’s battery charge would be exhausted within hours.

Stardust was also programmed to turn off its radio transmitters about 20 minutes after the burn, just in case it might interfere with some future mission using the same frequency.

NASA announced the last transmission from Stardust was received at 7:33 p.m. EDT (2333 GMT) Thursday. Officials monitored the burn from the Jet Propulsion Laboratory in California and issued commands from the Lockheed Martin Corp. mission support center in Denver.

See also:
NASA and Lockheed Martin Say Goodbye to Historic Stardust Spacecraft
NASA’s Venerable Comet Hunter Wraps Up Mission
NASA’s Stardust: Good to the Last Drop
Inside NASA’s Space Funeral for the Comet-Hunting Stardust Probe
NASA kills off comet hunter
Comet-hunting spacecraft shuts down after 12 years
NASA Retires Comet-Hunter Stardust
NASA’s Stardust set to ‘burn to depletion’
NASA’s stardust empties its tank after 12 years
NASA’s ‘Comet Hunter’ Heads Off Into The ‘Sunset’
Stardust – NASA’s Comet Sample Return Mission
NASA – Stardust
Stardust (spacecraft)

Hopefully they put some type of return address on it.

/maybe, like a note in a bottle, something out there will find Stardust and bring it back home, as long as they’re good aliens that come in peace

Rustock Reigned In

Chalk up a big win for the white hats in the ongoing cyberwar against the evil spammers.

Good guys take down notorious Rustock spamming botnet

Rustock, one of the largest and most notorious spam botnets, suddenly fell silent Wednesday and has remained off line.

The takedown of Rustock’s 26 command-and-control servers appears to be the result of a coordinated effort by longstanding anti-spamming groups, the most prominent of which is Spamhaus.org, according to cybersecurity blogger Brian Krebs, who broke the story.

Rustock’s control servers directed the activities of hundreds of thousands of infected PCs in homes and businesses, used primarily to deliver e-mail and social network messaging spam. Rustock is infamous for spreading ads for drugs from unlicensed online pharmacies.

Details of how the takedown was achieved are unclear; Rustock’s control servers were renowned for being nigh impregnable.

Rustock has been around for at least three years, and late last year had doubled its spam output over the previous year; in 2010, Rustock sent out more than 44 billion spam emails per day, accounting for as much as 48% of all spam, and had more than one million bots under its control, according to MessageLabs, Symantec’s messaging security division.

See also:
Rustock Botnet Flatlined with No Spam Activity
Notorious Spamming Botnet, Rustock, Takes a Fall
Rustock botnet’s operations disrupted
Major spam network silenced mid-campaign
Rustock botnet goes quiet again
The World’s Largest Spambot Network Goes Quiet
Prolific Spam Network Is Unplugged
Rustock Botnet is Down, But Maybe Not Out
Rustock botnet

It still amazes me how the botnet spammers find hundreds of thousands of computers to infect. If everyone would just keep their software patches up to date, botnets wouldn’t be a problem in the first place. It’s like leaving the front door to your house wide open with a sign that says “burglars welcome”.

/one of the biggest upshots of the Rustock takedown is that if you want to buy Viagra or other erectile dysfunction drugs in the future, you’re going to have to go see your doctor, because the spam offers will hopefully no longer flood your email inbox