Pushing The Cyberwarfare Envelope

A computer worm so sophisticated that it attacks specific targets in specific countries, gee I wonder who would be capable of developing something that advanced?

Stuxnet Compromise at Iranian Nuclear Plant May Be By Design

Iran has confirmed that more than 30,000 PCs have been infected by the Stuxnet worm in that country, including some at the Bushehr nuclear power plant. The nature of the Stuxnet worm and the infiltration of Iranian nuclear facilities has led to speculation about whether the worm was developed by the United States or its allies expressly for that purpose.

The Pentagon response to the implication is the standard cagey reply given for just about anything related to national security or military engagements. Fox News reports that, “Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can “neither confirm nor deny” reports that it launched this attack.”

McAfee AVERT Labs has a thorough analysis of the Stuxnet worm which explains the threat in detail. “Stuxnet is a highly complex virus targeting Siemens’ SCADA software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four vulnerabilities in Microsoft Windows, two of which have been patched at this time (CVE-2010-2568, CVE-2010-2729). It also utilizes a rootkit to conceal its presence, as well as 2 different stolen digital certificates.”

Another interesting tidbit from McAfee supporting the speculation that Iran may have been the intended target of Stuxnet is that the initial discovery seemed to be primarily focused in the Middle East.

Speaking on the subject of whether the threat may have been specifically crafted for Iran, Randy Abrams, director of technical education at ESET said, “It appears that it is possible that Stuxnet may have been responsible for problems in Iran’s nuclear program over the past year, however that is speculation and it is unlikely that the Iranian government is going to say if that was the case. It is even possible that it was the case and they don’t know it.”

Abrams added, “It is entirely possible that Stuxnet was created by the United States working alone or in conjunction with allies. The fact that it is possible does not indicate it is true however. There have been a number of recent defections in Iran. It is also possible that this was an internal attack. There is still a legitimate question as to whether or not Iran was actually the target.”

See also:
Stuxnet Update
Iranian power plant infected by Stuxnet, allegedly undamaged
Iran admits Stuxnet worm infected PCs at nuclear reactor
Pentagon Silent on Iranian Nuke Virus
Stuxnet Worm Affects 30,000 Computers in Iran
Stuxnet worm assault on Iranian nuclear facilities’ computers may be Western cyber attack: experts
Computer worm infects Iran’s nuclear station
Stuxnet: Future of warfare? Or just lax security?
Stuxnet – a new age in cyber warfare says Eugene Kaspersky
Has the West declared cyber war on Iran?
Web virus aimed at nuclear work, says Tehran
Report: Stuxnet Worm Attacks Iran, Who is Behind It?
US, Israel behind cyber-attack on Iran?

Well, diplomacy sure as hell isn’t working and no one really wants to launch airstrikes against the Iranian nuclear facilities, especially fraidy cat Obama. So, maybe this is a third option, use the Iranians’ own computers to remotely destroy their nuclear related equipment, perfect, if it actually works. I know I’ve got my fingers crossed. Go U.S. or go Israel or go whoever is responsible for this brilliant plan!

/all your nuclear related computers are belong to us!

It’s Extra Special Patch Tuesday!

Yep, this gaping hole in Windows is so bad that Microsoft couldn’t even wait until next week’s regularly scheduled Patch Tuesday to try and fix it.

Microsoft issues emergency security patch for million dollar Windows flaw

Microsoft today rushed out an emergency patch for Windows Vista and Windows 7 PCs just eight days before its next Patch Tuesday.

The software giant issues security patches on the second Tuesday of each month, and only rarely issues so-called out-of-band patches. The company has never issued an emergency patch this close to Patch Tuesday, says Jason Miller, data and security team leader at patch management firm, Shavlik Technologies.

“Coming out with this patch this close to a Patch Tuesday is severe,” says Miller. “People should be paying attention to this one, and patch as soon as possible.”

Importantly, the emergency patch does nothing for hundreds of millions of PCs running Windows XP Service Pack 2 and Windows Server 2000, since Microsoft last month stopped issuing security updates for those older versions of its flagship operating system. The company continues to urge Windows XP SP2 users, in particular, to upgrade to Windows XP SP3, which will continue to get security updates, or to buy new Windows 7 PCs.

Update: To be clear, this patch will work on Windows XP SP3, Windows Server 2003 SP2; Windows Vista, Window Server 2008, Windows 7, Windows Server 2008 R2. It will not work on Windows XP SP2 or Windows Server 2000.

At the Black Hat and Def Con security conferences in Las Vegas last week, attendees referred to this Windows flaw as a $1 million vulnerability. Savvy hackers can tweak a basic component of all versions of Windows, called LNK. This is the simple coding that enables shortcut program icons to appear on your desktop.

No one in the legit world knew the LNK flaw existed until mid July, when security blogger Brian Krebs began reporting on a sophisticated worm spreading via USB thumb drives. That worm, known has Stuxnet, took advantage of the newly-discovered flaw to run a malicious program designed specifically to breach Siemens SCADA (supervisory control and data acquisition) software systems. Over a period of months the attackers had infected Siemens SCADA controls in power plants and factories in Iran, Indonesia, India and some Middle East nations, according to antivirus firm Symantec.

See also:
Microsoft Security Bulletin MS10-046 – Critical
Microsoft ships rush patch for Windows shortcut bug
Microsoft issues emergency patch for Windows shortcut link vulnerability
Microsoft Patches Windows Shell Vulnerability
Microsoft’s New Patch for Windows Shortcut Exploit
Emergency patch closes LNK hole in Windows
Microsoft sticks to plan, denies emergency patch for XP SP2

The new emergency patch is here, the new emergency patch is here!

/so, if your Windows didn’t automatically update, you’d better do it now