Yet more on Win32/Stuxnet

Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length.

The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of the issue and “preempt a major issue resulting from its exploitation.”

Softpedia and Computerworld are among the sites noting the publication of exploit code using the .LNK vulnerability.

Our colleagues in Spain have also published a blog that makes a couple of points worth reiterating.

  • Use an antivirus product capable of detecting these threats. Of course, you’d expect us to say something like this since anti-malware is what we sell, but the fact is that at this moment AV detection may be a better solution for the currently known threats than the workarounds suggested by Microsoft in their advisory. Note, however, that there are indications that those responsible for the initial attacks are already taking measures to vary the attack. (More about that later.)
  • If you’re using XP SP2, it’s quite possible that when Microsoft is ready to patch, there will be no patch that will help you. Of course, the same applies to Windows 2000 users, only more so. At least SP2 users should be able to get respite by upgrading to SP3.

David Harley CITP FBCS CISSP
Senior Research Fellow

Author David Harley, ESET

4 Responses to “Yet more on Win32/Stuxnet”

  1. Kolor says:

    Eset Security does not have shell extension for on demand scan of .LNK files, is this likely to change now?

  2. Randy Abrams says:

    I'm not sure what you mean. You can right click on any file and scan it.
    Randy Abrams

  3. Kolor says:

    Tried with the PoC with the following results:

    http://img69.imageshack.us/img69/7097/eset.png

    Maybe I'm missing something?!

  4. Randy Abrams says:

    Yes, there was a short time we had to pull the generic detection to fix a problem. It was then put back into the updates and you will find the PoC is detected as are some new .lnk files we are beginning to see used for malware.
