USB flash drives continue to present a serious challenge to information security, for consumers and companies alike. You will be aware of this if you read our recent article on the Win32/Pronny worm, just one example of a piece of malicious software that is “in the wild” and actively seeking to spread via USB flash
Carbon Black assert that if an AV company doesn't detect malware within six days of its being flagged on Virus Total, it probably won't after a month. Is that as dangerous as it sounds?
Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution. Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.
Aleksandr Matrosov looks at the internal architecture of Win32/Flamer's mssecmgr.ocx module.
Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.
The slow drip of revelations about Flame have kept this piece of malware in the news for more than two weeks so it is worth reminding people that most antivirus programs now protect against Flame (ESET products detect it as Win32/Flamer.A). The coverage of Flame was boosted last week by a conveniently-timed assist from leaks
A week ago the big malware news was the code known as Flame, Flamer, or sKyWIper (detected by ESET as Win32/Flamer.A), then on June 1, this news broke: "A damaging cyberattack against Iran’s nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama." (Washington Post) Clearly,
For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes...
In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.
I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4. ;-) A recent report in Wired gives
...the 'next Stuxnet' probably won't be any such thing, whatever we may choose to call it...
Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal, “The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public
… albeit more slowly than previously. Added to the resources page at https://www.welivesecurity.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)
Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database. One aspect that’s attracted attention on specialist lists is the mention of a large US power company
Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945...
Added to the Stuxnet resources page at https://www.welivesecurity.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at https://www.welivesecurity.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow
The February ThreatSense Report is now available...
A few more developments in the Never-Ending Story: Michael Joseph Gross on A Declaration of Cyber War in Vanity Fair. Despite a somewhat breathless tone in the introduction – "the world’s top software-security experts were panicked by the discovery of a drone-like computer virus" (where's my Valium?!) – actually a comprehensive and largely accurate account. It
Links added today to the Stuxnet resources page...
