Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Duqu Shoots, It Scores!

Duqu goes in where Stuxnet has been . . .

Iran claims defence computer systems hit by another ‘supervirus’

Anti-virus experts last month identified a virus called “Duqu” that they said shared properties with the now famous “Stuxnet” worm, which spread across the world but is thought to have been successfully targeted at the nuclear programme’s centrifuges, the devices that enrich uranium to create nuclear fuel.

It was not clear on Monday from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the first admission of damage.

“We are in the initial phase of fighting the Duqu virus,” Gholamreza Jalali, the head of Iran’s civil defence programme, said. “The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.

See also:
Iran Working to Control Duqu Virus Attack
Iran detects Duqu virus in system
Duqu Virus Detected in Iran
Iran says has detected Duqu computer virus
Iran finds Duqu-infected systems
Duqu infiltrates Iranian networks
Iran admits Duqu attack; denies report its nukes are for war, not power
Iran detects Duqu infections
Iran wrestles Duqu malware infestation
Security researcher says Iran to blame for its own Duqu infections
Iran claims Duqu virus aimed at sabotaging its nuclear sites
‘Duqu virus aiming at Iran’s nuclear sites’
Iranians say nuke project hit by new computer virus
Iran produces antivirus software against new worm
Iran Develops Software to Thwart Duqu Virus Attack
‘Iran can thwart Duqu spyware’
Iran says Duqu malware under ‘control’
Iran says it has ‘controlled’ Duqu malware attack
Beyond Stuxnet

Duqu is the, arguably more sophisticated, follow on to Stuxnet, which took control of Iranian uranium enrichment centrifuges and spun them at speeds well beyond their design capability until they failed. Stuxnet was an offensive weapon. Unlike Stuxnet, Duqu is, at least so far, strictly a reconnaissance tool, gathering and reporting back information on systems related to Iran’s nuclear program, preparing the battlespace as a prelude to a future attack if you will. Whether the next attack will be another
Stuxnet like cyberstrike or physically digging in the Iranian dirt is a layman’s guess. One thing’s for sure, the next attack on Iran’s nuclear program is coming and Iran won’t be able to stop it.

Iran claims to have thwarted Duqu but, then again, they said the same thing about Stuxnet and Stuxnet blew out their centrifuges. Anyway, if Iran is just now admitting that they’ve been infected by Duqu, Duqu may have already accomplished its reconnaissance mission and gone dormant. Whatever information Iran releases publicly is pretty much a lie, propaganda, you can safely assume that whenever they acknowledge their nuclear program has been compromised, the damage is much worse than they’re letting on.

And remember, whether it’s another cyberattack or airstrikes against Iranian nuclear facilities, all it does is buy us time. Stuxnet set the Iranians back, but it didn’t deter them. Destroying some of their nuclear facilities won’t deter them either, in fact, it’ll probably make them even more defiant. The only endgame that will bring closure is regime change. And think about it, if we do that, we’ve just resolved 70+% of the world’s instability problems.

/my vote is for a comprehensive, all hands on deck, leave no stone unturned, decapitation campaign, Mullahs and the Republican Guard gots to live and work somewhere and I bet we have the GPS coordinates

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Watching The Drone Watchers

I smell China, or maybe Russia. The fact that the virus keeps resisting efforts to remove it shows that there’s some sophistication involved.

U.S. Military Drones Infected With Mysterious Computer Virus

A fleet of U.S. military drones on a Nevada Air Force base has been infected by a keylogger virus that tracks every key and button their pilots press, Wired.com reported Friday — and top Air Force sources strongly contested.

The virus was first noticed by officials at Creech Air Force Base nearly two weeks ago using the base’s security system. It logged every keystroke of the pilots in the control room on the base as they remotely flew Predator and Reaper drones on missions over Afghanistan and other battle zones.

There has been no confirmation of information being lost or sent to an outside source, but the virus has been resistant to military efforts to clear it from the system.

“We keep wiping it off, and it keeps coming back,” a source told Wired.

See also:
Exclusive: Computer Virus Hits U.S. Drone Fleet
Computers Controlling Military Drones Reportedly Infected with Virus
Computer Virus Attacks U.S. Military Drones: Wired
Keylogger virus hits US drone operations
Combat drones’ computer systems reportedly infected with virus
Computer virus hits US’ Predator drone fleet
US war drones keep flying despite computer virus
America’s Drones Have Been Infected by a Virus
Virus infects Pentagon drones’ computers
U.S. Drone Controllers Said To Be Infected By Computer Virus
US drones hit by virus
U.S. Military Facing a Battle Unlike Any Other
Cyberwar: a Whole New Quagmire – When the Drones Come To Roost
Creech Air Force Base

Theses computers didn’t just infect themselves, they were almost surely infected by someone, either deliberately or unwittingly, connecting a malware infected memory stick or other portable media storage device to the network. This has been a known attack vector for a long time now and it’s easily preventable, simply don’t allow portable media storage devices anywhere near classified computer networks!

/search all personnel coming and going if that’s what it takes, it’s a small price to pay for avoiding potentially catastrophic security breaches like this

They Got Fooled Again

Much like the United States, Iran seems to have a real problem protecting its computer networks. Someone seems to be obsessed with sabotaging their nuclear program. I wonder who that might be?

Second computer virus infiltrates Iran’s computer systems

Iran has discovered a second computer virus designed to damage government computer systems.

The discovery of the virus, called Stars, was announced Monday by a senior Iranian official, Gholam-Reza Jalali, head of an Iranian cyberdefense agency, according to reports.

Jalali said in a statement that the damage from the virus, which looks like a regular government computer file, has been minimal and that Iranian scientists are currently studying the virus.

The virus was aimed at nuclear facilities, according to the Washington Post, and seems to suggest “a broader campaign by foreign saboteurs to undermine Iran’s atomic energy program.”

See also:
New Computer Strike Could Target Iranian Atomic Sites
Fresh Virus Outbreak Affects Iran’s Computer Systems
Iran discovers 2nd virus attack
New cyber attack targets Iran
Iran Claims Stars Virus a Second Cyber-Attack
Iranian official: New computer worm discovered
Iran investigates Stars virus
Iran Says It Was Targeted With Second Worm, Stars
As the Worm Turns: Iran Sees Stars
Iran says is uncovers second cyber attack
Iran Under Fresh Malware Attack
Security experts can’t verify Iran’s claims of new worm
Is the Stars Worm Just a Hoax?

Well, I certainly hope the Stars virus attack on Iran’s nuclear program isn’t a hoax and does as much damage as the Stuxnet worm, which was apparently wildly more effective than Iran is admitting to.

/you’ll note that Iran still hasn’t managed to power up the Bushehr reactor, which is as good a yardstick as any that their nuclear program has been ground to a halt