November 15, 2024

Stuxnet Computer Worm’s Creators May Be Active Again

Stuxnet, which infected tens of thousands of computers in 155 countries last year, created an international sensation when experts reported that it was designed as an American-Israeli project to sabotage Siemens Corporation computers used in uranium enrichment at the Natanz site.

The researchers say the new malicious program, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack.

The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions.

“Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

They said the Duqu program was found in Europe in a narrowly limited group of organizations, “including those involved in the manufacturing of industrial control systems.”

In contrast to Stuxnet, Duqu has been found in only a handful of organizations to date. The program is designed to last 36 days and then remove itself from the system it infected.

Like Stuxnet, Duqu tries to prove its authenticity by using a stolen digital certificate, this one apparently taken from a Taiwanese company. Symantec officials were able to revoke the security certificate after it was discovered stolen because the company owns the VeriSign authentication service that controls the certificate infrastructure.

The Symantec posting, and a related technical paper, raised a new mystery of its own. The company said it had been alerted to the new malware by a “research lab with strong international connections,” but declined to identify it further or say whether it was governmental or private.

According to Vikram Thakur of Symantec, the organization decided not to come forward because it wanted to protect the identity of the victim organization. The technical paper did include this comment from the team that apparently discovered the malware: “As we are in academia, we have limited resources to analyze malware behavior.”

Mr. Thakur added that in the two days since Symantec had received its initial malware sample, the security firm had received other variants of the program, which also appear to be aimed at makers of industrial control equipment.

The researchers identified a wide variety of similarities between Duqu and Stuxnet and said that the new program could not have been written without access to the original programmers’ instructions. It has been previously noted that Stuxnet had both an attack capability and the ability to spy on the computers it infiltrated.

Security researchers have argued that the Stuxnet attackers were able to gather valuable intelligence information about the Iranian nuclear program as well as damage the control equipment at Natanz.

The Symantec researchers said they had not been able to determine how the Duqu code reached its target. Stuxnet used a wide range of system vulnerabilities, leading to speculation that it could have been written only by an organization with the resources of a national intelligence agency. Mr. Thakur said of Duqu, “This is extremely sophisticated, this is cutting edge.”

Article source: http://www.nytimes.com/2011/10/19/technology/stuxnet-computer-worms-creators-may-be-active-again.html?partner=rss&emc=rss

Gadgetwise: Lion’s Upgraded, Robust Security Features

New bells and whistles aren’t the only reason to upgrade to Lion. The new version of Apple’s operating system for the Mac also includes updated security features.

Macs have long been safer than Windows PCs, because they are very rarely chosen for attacks, probably because of the Mac’s much smaller market share and crooks’ extensive expertise in writing malware for Windows. But now, they are also more secure than PCs, thanks to several crucial security improvements in the operating system itself, Mac OS X 10.7 ($30 download from the Mac App store).

So says Dino A. Dai Zovi, an independent security consultant. Those operating system features now put Lion ahead of Windows 7, the latest version of Microsoft’s operating system, whose leadership was forged from the fire of relentless attacks by hackers and malware writers, he says.

The move comes while OS X remains a virtually malware-free zone, but concerns are rising that that won’t last. Quite a few Mac users were hit by a “scareware” program known as MacDefender this spring. As cybercrime rises and Mac’s market share grows, many experts expect more to come.

Seeing an increasing need for caution, “Apple put a lot of security features in the iPhone,” Mr. Dai Zovi says. “But on the Mac they haven’t really put in a lot of security features until now.” After all, why bother with locks if no one is trying to get in? But today, there is good reason: dissuading attackers from ever trying and knocking them back if they do. “They’re increasing the security protections as the bull’s-eye gets bigger,” he says.

Here are the top three new Mac security measures, according to Mr. Dai Zovi:

Sandboxes — Apple has embraced “sandboxing,” technology that restricts what an application can and can’t do and forces it to play only in its own little sandbox. Apple’s take on sandboxes — applications cannot read or write data in any app but their own — is stricter than that of Microsoft and Adobe, Mr. Dai Zovi says.

Many Apple applications are sandboxed in Lion, including the Safari Web browser and the Preview application that is used to view PDFs and images. This is welcome, considering that Web sites and Adobe files are the favorite vehicles of malware today. It means that a virus from the Web would be stuck in Safari and unable to grab assets elsewhere in your computer.

Even better, says Mr. Dai Zovi, starting in November, Apple will require that all applications sold in its Mac App store use this sort of sandbox by default. The requirement will end what has been an honors system, in which Apple trusted developers to sandbox their apps but did not enforce it. In the past, for example, Apple could not be sure that Skype wouldn’t read cookies stored in your browser and log into your Gmail account. Sandboxed, Skype wouldn’t be capable of that — and neither would that random product purchased from a fly-by-night start-up.

Apps sold in the store will also be subject to security checks by Apple, which could make the Mac App store the safest place to buy software for your Mac. It will work a lot like Apple’s store for mobile apps, where nary a malicious application has been seen.

Address Space Layout Randomization — It’s a mouthful, but it’s very good for you. ASLR, which involves rearranging memory in an application, makes it significantly harder for hackers to exploit software vulnerabilities because they don’t know where their potential targets are located.

Snow Leopard used ASLR in a limited way, and “if it’s not complete, it’s almost a waste,” Mr. Dai Zovi says. Lion, however, carries out ASLR fully, catching Macs up to Windows and Linux.

So far, most Mac attacks have involved “social engineering” to trick users into installing something malicious, not the sort of automated download that ASLR defends against. “Apple is being proactive here,” he says. “It’s likely that, as the Mac platform gains market share, they will see this type of malware.”
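The “complete versus partial” ASLR distinction above can be checked empirically by spawning a process twice and seeing which regions actually move. The following is an added example, not code from the article or from Apple; it uses Linux’s /proc/PID/maps as a stand-in for a macOS process map (the principle is the same), and the two sample snapshots are constructed to model a partially randomized system like the Snow Leopard case described in the text.

```python
"""Gauge ASLR completeness by diffing two memory-map snapshots (added example)."""
import re
import subprocess

# Constructed sample maps (not real captures) modelling the partial ASLR the
# text attributes to Snow Leopard: libc moves between runs, but the binary,
# heap and stack land at the same addresses every time.
PARTIAL_RUN_1 = """\
00400000-00405000 r-xp 00000000 08:01 1234 /usr/bin/cat
00600000-00621000 rw-p 00000000 00:00 0    [heap]
7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0    [stack]
"""
PARTIAL_RUN_2 = """\
00400000-00405000 r-xp 00000000 08:01 1234 /usr/bin/cat
00600000-00621000 rw-p 00000000 00:00 0    [heap]
7f9b42000000-7f9b421c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0    [stack]
"""

# One /proc/PID/maps line: start-end perms offset dev inode pathname. Anonymous
# mappings have no pathname and are skipped, as is the ABI-fixed [vsyscall] page.
_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ \S+ \S+ \S+ \S+\s+(\S+)$", re.M)

def region_bases(maps_text):
    """Map each named region (binary, library, [heap], [stack]) to its base address."""
    bases = {}
    for start, name in _LINE.findall(maps_text):
        name = name.rsplit("/", 1)[-1]              # basename, or [heap]/[stack]
        if name != "[vsyscall]":
            bases.setdefault(name, int(start, 16))  # lowest mapping of a file = its base
    return bases

def compare_runs(maps_a, maps_b):
    """Return ({region: moved?}, verdict) where verdict is 'full', 'partial' or 'none'."""
    a, b = region_bases(maps_a), region_bases(maps_b)
    moved = {name: a[name] != b[name] for name in a if name in b}
    verdict = "full" if all(moved.values()) else "partial" if any(moved.values()) else "none"
    return moved, verdict

def live_snapshot():
    """Map of a freshly spawned process; two calls give two independent layouts (Linux)."""
    return subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    moved, verdict = compare_runs(live_snapshot(), live_snapshot())
    print(verdict, [name for name, m in moved.items() if not m])  # regions that never move
```

A region that stays put across runs is exactly the fixed target Mr. Dai Zovi calls an “almost a waste” gap; on a fully randomized system the live run should report no fixed regions.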

FileVault 2 — Lion includes Apple’s second stab at data encryption for your computer. In Snow Leopard, FileVault encrypted only users’ home directories, the place where most user files are kept. The program was also slow and didn’t work well with Time Machine, the Mac backup system.

With Lion, however, FileVault delivers full-disk encryption and encrypted data in Time Machine backups and on removable drives. This change means that if your laptop (or USB stick) is lost or stolen — arguably Mac users’ biggest security risk — your data is safe. You do have to be careful not to get locked out yourself. As a safety net, you can have Apple store a recovery key for you, should you forget your password, or you can print it out and stash it in a safe place.

So is all this a reason to upgrade to Lion immediately? Not necessarily.

With the security threats so limited, it isn’t vital to have these features right now, Mr. Dai Zovi says. “There are always a few rough edges in an initial release, and there might be some incompatibilities with various applications,” he says. “These kinks are usually worked out by the .1 or .2 releases, and that would be a better time for most users to upgrade.”

Article source: http://feeds.nytimes.com/click.phdo?i=d8ed8d8466f15f767a59a49c82b28571