Endpoint Protector Appliance: Stop data theft on Windows and Mac

“there is always an idiot around who doesn’t think much about the thumb drive in their hand”

Stuxnet, the worm created by the US and Israel for breaking down Iran’s nuclear plant Natanz, got out of their control

An article published today in the New York Times shows that the Stuxnet virus, written and deployed by the US and Israeli governments to target the Iranian nuclear plant Natanz, got out into the wild. It seems that the purpose of the code was to set back the Iranian nuclear research program by commanding the control hardware responsible for the spin rate of the centrifuge equipment. The important aspect is that the worm only targeted this specific nuclear plant; it was never intended to spread on the Internet.

The network at Natanz is air-gapped, which made it very difficult for the people who made the plan to introduce the code into the network. They needed someone with physical access to the site to get the worm inside through thumb drives (this is also how the first versions of the worm were distributed). To quote one of the architects of the plan: ‘It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.’

Stuxnet most probably spread outside Natanz’s network on a laptop. Fortunately, security researchers were able to annihilate it.

Ramnit worm steals 45000 Facebook users’ credentials

The Ramnit worm, malware first discovered a year and a half ago that used to target online banking and FTP credentials, is claiming victims among UK and French Facebook users.

A new version of the worm managed to steal more than 45000 Facebook usernames and passwords and tried to attack the e-mail accounts and virtual private networks of affected persons. The worm has sent malicious links to victims’ friends, links that downloaded malware to the person’s computer, which helped spread the worm even faster.

It seems like the attackers are adapting to market tendencies, targeting social networks rather than traditional communication means (such as email).

For more details, you can read the techweekeurope.co.uk report.

This time it seems to be too much

October 12th, 2011 by Cristina (0) In the News,Malware Infections

What you can see in the picture belongs to the US Navy Reaper drone. It is a remotely controlled air vehicle used during combat missions in Afghanistan, a machine that is capable of neutralising targets or performing reconnaissance missions. What would you say if you found out that every “step” of the machine was tracked by a computer virus, a keylogger? dangerroom says that this happened no more than 2 weeks ago on computers at Creech Air Force Base in Nevada. Since then, pilots have continued to perform overseas missions, and there have been several attempts to remove the malware. However,

We keep wiping it off, and it keeps coming back

It does not sound promising if one of America’s most important weapons is infected. It is not certain whether the infection was deliberate or accidental. The virus is believed to have spread via removable devices, which are used to load map updates and transport mission videos from one computer to another.

A virus exposes private data of 3000 patients of an American clinic

An investigation inside the Living Healthy Clinic of Wisconsin, US has revealed the existence of a virus on a computer in the network that exposed 3000 patient records.

The experts have concluded that the attack was not targeted, as it was reported that the same type of virus was found on other computers in the US that had nothing to do with the clinic.

The information exposed after the attack included names, addresses, social security numbers and medical records of some patients.

Officials will notify the affected persons of the security breach and inform them of the measures to take to protect themselves.

ZeuS cybercrime toolkit can be bought on underground forums

March 24th, 2011 by Agent Smith (0) Malware Infections

It seems that files very similar to what has been called the Zeus cybercrime toolkit have appeared in some underground forums and are available for purchase.

The whole sales announcement and process has been set up by someone nicknamed IOO, and it is supported by screenshots of portions of ZeuS code. IOO is not very restrictive when it comes to payments: paying for ZeuS can be easily settled via any escrow service, and more information can be offered via ICQ or Jabber.

New variations of the Stuxnet worm expected to emerge in 2011

January 3rd, 2011 by Agent Smith (0) Malware Infections

Due to the success the Stuxnet cyber worm has registered in slowing down the Iranian nuclear program and many other industrial systems around the world, variations of this malware are expected in 2011.

According to eWeek, the Stuxnet worm might have damaged up to 1,000 Iranian centrifuges, after infecting more than 62,000 computer systems in Iran alone. The very efficient and complex Stuxnet cyber worm raises serious concerns that its variants will manage to affect other systems around the world - beyond the traditional information technology targets.

New concerning clues in the “Stuxnet” case

November 18th, 2010 by Agent Smith (0) Malware Infections

New and concerning discoveries have surfaced in the Stuxnet case. According to Symantec, the worm is apparently designed to sabotage specific types of facilities, like nuclear plants and other key locations. It employs a subtle sabotage technique that is meant to overload physical machinery by briefly speeding it up over a span of weeks.

Discovered this year in June in Iran, Stuxnet has already infected more than 100000 computer systems worldwide and is not, as it first seemed, a sophisticated Windows virus designed to steal data. It apparently contains code targeting Siemens Simatic WinCC SCADA systems, which are control systems that manage pipelines, nuclear plants and various utility and manufacturing equipment. Despite these discoveries, the specific sabotage function has not yet been discovered.

Stuxnet and cyber warfare – the future is now

October 1st, 2010 by Agent Smith (0) In The Spotlight,Malware Infections

Back in 2008, assuming that the human factor would eventually fail at some point and people would make the mistake of plugging an unsecured memory stick into a military laptop, several memory sticks were scattered in a US military base in the Middle East that was providing support for the Iraq war. All these memory sticks were deliberately infected with a computer worm.

It resulted in the self-propagation of a computer worm into the computer system of Centcom – the central command of the US military. The eradication process took 14 months. Apparently this attack, acknowledged by the Pentagon only in August 2010, was very similar to a Stuxnet worm attack which was used in attempts against Iraq’s nuclear facilities and Iran’s nuclear programme.

How to Stop Conficker/Stuxnet in four easy steps – Advisory by CoSoSys

September 28th, 2010 by Agent Smith (1) endpoint security,In the News,Malware Infections

As some of you may know, the Stuxnet worm (and Conficker) has been running amok on both private and corporate networks. Malware spreading via USB devices is always a source of new threats. The latest development of Stuxnet exploits zero-day vulnerabilities to target supervisory control and data acquisition (SCADA) and other industrial systems. Such systems are used to control pipeline pressure or motor work rates on industrial factory floors. Typical environments include oil pipelines, power plants, factories etc.


Conficker/Stuxnet detects platforms with SCADA systems installed and uses Windows vulnerabilities to gain access and spread through the network. In the light of current events and the continuous spread of the worm through USB ports and USB portable devices, endpoint security and data loss prevention solution developer CoSoSys has created a four-step strategy against Stuxnet that’s extremely easy to implement.

Stuxnet Worm: New threat targets SCADA Systems and other industrial environments

September 20th, 2010 by Agent Smith (1) In the News,Malware Infections

Research in the area of malware has revealed a new and sophisticated threat that targets and exploits four zero-day vulnerabilities in an attempt to disrupt industrial systems. The new threat is caused by an older malware, the Stuxnet worm, which appeared for the first time in July and was spread via USB devices. It now seems that it has been designed to target supervisory control and data acquisition (SCADA) systems.

These systems have a mainly industrial usage. They are used to control pipeline pressure or motor work rates on industrial factory floors. Typical environments include oil pipelines, power plants, factories etc.