Weaponized software

Iran is fighting off a significant cyber attack, reports The New York Times. The worm, dubbed Stuxnet, represents a hellish breakthrough in the evolution of computer viruses.

Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.

The Christian Science Monitor first reported on Stuxnet in June. The primary source of the CSM story was computer security expert Ralph Langner, who has been chronicling his research on the virus on his Web site. Langner called Stuxnet the “hack of the century,” and said “Stuxnet is going to be the best studied piece of malware in history.”

Wired magazine, unsurprisingly, has the definitive story.

“It’s the most complex piece of malware we’ve seen in the last five years or more,” says Nicolas Falliere, a code analyst at security firm Symantec. “It’s the first known time that malware is not targeting credit card [data], is not trying to steal personal user data, but is attacking real-world processing systems. That’s why it’s unique and is not over-hyped.”

… Eric Byres, chief technology officer for Byres Security, says the malware isn’t content to just inject a few commands into the PLC [Programmable Logic Controller] but does “massive reworking” of it.

“They’re massively trying to do something different than the processor was designed to do,” says Byres, who has extensive experience maintaining and troubleshooting Siemens control systems. “Every function block takes a fair amount of work to write, and they’re trying to do something quite radically different. And they’re not doing it in a light way. Whoever wrote this was really trying to mess with that PLC. We’re talking man-months, if not years, of coding to make it work the way it did.”

VBMania: New worm ‘spreading like wildfire’

McAfee and others are reporting a new and fast spreading worm, currently dubbed the “Here you have” virus, which spreads via emails with the subject line “Here you have” or “Just for you”.

In the content of the email is a link to a Web site that hosts the virus. Since the actual virus file is not on the user’s computer, it’s very easy to evade anti-virus protection.

Once the virus infects a computer, it then sends itself to all the addresses in the computer user’s address book. The new emails appear as if they were sent by the infected user, which of course they were. Unsuspecting users are apparently clicking on the links by the hundreds of thousands.

Symantec says the new worm also:

  • Spreads through mapped drives via autorun
  • Spreads through email by taking contacts from the address book
  • Spreads through instant messenger
  • Disables various security-related programs

McAfee provides the forensics and disinfection tools.

How safe is Facebook?

Users in the United States were given access to the Facebook accounts of other people, reports the Associated Press.

“A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information,” the story says.

The AP does not explain how the mix-up happened, but the problem is not with Facebook, apparently. The glitch, “a routing problem,” occurred between the users’ phones and their Internet service provider, AT&T.

Security experts interviewed for the story said they had never heard of a case like this, where users were given access to the wrong account. It’s unknown whether such a mix-up is rare, or just rarely reported. Experts agreed that the same flaw could happen with other applications, such as email or blogging services.

READ IT: Network Flaw Causes Scary Web Error

MORE: Ars Technica provides a not-too-technical explanation of what likely happened, including this pithy synopsis:

“So it looks like AT&T did something wrong—even though I wouldn’t call it a ‘routing’ problem—and the company is in the process of fixing things. But Facebook also shares some blame for this situation. Apparently Facebook, like many other sites, doesn’t think the information tied to a user’s account is important enough to protect with something stronger than a clear text cookie.”
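As an added example (not code from the post, Facebook, AT&T or Ars Technica), here is the kind of clear-text session cookie the quote is talking about beside a hardened one, with a small auditor that flags session cookies a plain-HTTP intermediary could read or hand to the wrong user. The cookie name `sid` and the list of session cookie names are assumptions, not Facebook's.

```python
# Added example: weak clear-text session cookie vs. hardened cookie, plus an
# auditor for Set-Cookie header values. Cookie names below are assumed.
from http.cookies import SimpleCookie

# Assumed names a site might use for its session cookie (hypothetical).
SESSION_NAMES = {"session", "sessionid", "sid"}


def build_session_cookie(session_id: str, hardened: bool) -> str:
    """Return a Set-Cookie header value carrying the session identifier.

    hardened=False reproduces a 2010-style clear-text cookie: it travels over
    plain HTTP, where every hop between phone and site can read or mix it up.
    hardened=True adds the attributes that keep it off HTTP and away from scripts.
    """
    c = SimpleCookie()
    c["sid"] = session_id
    c["sid"]["path"] = "/"
    if hardened:
        c["sid"]["secure"] = True      # browser sends it over HTTPS only
        c["sid"]["httponly"] = True    # page scripts cannot read it
        c["sid"]["samesite"] = "Lax"   # not attached to cross-site requests
    return c.output(header="").strip()


def sent_in_clear_text(header_value: str) -> bool:
    """True if the cookie in this header would be sent on a plain-HTTP request."""
    c = SimpleCookie()
    c.load(header_value)
    return any(not morsel["secure"] for morsel in c.values())


def audit_set_cookie(header_value: str) -> list:
    """Return findings for session cookies in one Set-Cookie header value.

    Non-session cookies (e.g. a theme preference) are ignored; only cookies
    whose name is in SESSION_NAMES are checked.
    """
    c = SimpleCookie()
    c.load(header_value)
    findings = []
    for name, morsel in c.items():
        if name.lower() not in SESSION_NAMES:
            continue
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure flag, sent in clear text over HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly flag, readable by page scripts")
        if not morsel["samesite"]:
            findings.append(f"{name}: no SameSite attribute")
    return findings
```

Running the auditor over a site's login response headers shows at a glance whether the account is guarded by anything stronger than a clear-text cookie.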