Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities


Classless Warrior Without A Clue

Unless you’ve been living under a rock for the last few years, you know that the U.S. economy isn’t in good shape. Some doomsayers are even predicting that we’re headed for or already in another recession. What’s the proper tax policy when dealing with a fragile economy? Let’s see what Obama had to say on the subject two years ago.

That’s right, the last thing you want to do is raise taxes in a recessionary environment, because it would suck demand out of the economy and put businesses further in a hole. So, what did cynical Captain Clueless announce today?

Obama proposes new taxes on wealthy for half of debt plan

President Obama made a defiant call on Monday for $1.5 trillion in new taxes as part of a plan to find $3.2 trillion in budget savings over the next decade, issuing his most detailed proposal yet to tame the soaring federal debt.

Abandoning earlier compromises, Obama adopted a posture that cedes far less ground in cutting the nation’s social safety net and demands much more in terms of new levies on millionaires, other wealthy Americans and some industries.

See also:
Obama says raise taxes for the rich to help cut huge deficits; GOP says that’s class warfare
Boehner on Obama deficit plans: Tells Fox Business, “I don’t think I would describe class warfare as leadership”
Old debate over raising rich’s taxes plays out on new landscape
Tax the rich, Obama says; class warfare, says GOP
Analysis: Deficit plan not class warfare, Obama insists
Obama: “This is not class warfare — It’s math”
Obama campaign takes on ‘class warfare’
Obama Yokes Benefit Cuts to New Taxes
Obama links entitlement cuts to tax changes
Obama proposes tax hike on wealthy to close deficit
Higher taxes for the mega-rich
Obama’s deficit proposal marks a move away from compromise

What a brilliant idea, let’s tax the [expletive deleted] out of the rich, you know, the same people who spend and invest money and create the jobs that we need to grow the economy out of the hole we’re in now. Of course, Obama knows damn well that his proposed tax increases will never pass through Congress. Even most Democrats aren’t stupid enough to vote to raise taxes in the face of a weak economy.

But Obama still proposed the tax increases anyway, even though he knows they’ll never see the light of day, why? Because it’s a cynical political ploy to shore up his lefty base in a futile attempt to salvage his ever decreasing chances of winning reelection. When Obama says it’s not about class warfare, you can be damn sure it’s all about class warfare. Hey Obama, you want everybody to pay their “fair share”, how about the 50% of Americans that don’t pay any taxes at all?

Obama doesn’t give a [expletive deleted] about the economy and whether his words and actions make a recovery harder to achieve. The only “job” he cares about is his own. He’s basically abdicated from the last 14 months of his first term as President to campaign full time for a second term, the rest of the country be damned.

Obama is like a $4 trillion ton drag, jumping up and down on the back of the economy. I can guarantee you that the second it’s a done deal that Obama’s on his way out, the country will breathe a huge, collective sigh of relief and the economy will take off like gangbusters again.

/until the elections, I think it’s best that we just ignore Obama and practice a policy of fiscal and regulatory containment

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spyware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem