
Solutionary Threat Report - Sep. 2010


Stuxnet worm

A sophisticated worm created grave concerns this month for businesses using Siemens specialized industrial equipment. This is the first attack targeted at critical industrial infrastructure. The Stuxnet malware took advantage of a vulnerability in Microsoft’s Print Spooler service. Microsoft released a patch for this flaw in its MS10-610 update.

Before the patch was released, this flaw allowed the worm to spread between computers, mainly via USB memory sticks. Once installed, the worm uses Siemens’ default passwords to find, and attempt to gain access to, systems running PLC (programmable logic controller) programs, which manage large-scale industrial systems in factories, the military and power plants. After gaining access, it uploads configuration information to a command and control server. The attacker can then reprogram how the equipment works.

Stuxnet also contains a rootkit that hides its commands from the operators of the Siemens systems. Commercial antivirus programs can detect and remove the malicious Windows components; however, the Siemens software might still contain hidden commands. The largest number of infections was observed in Iran, specifically at an Iranian nuclear power plant. Infections at facilities in the U.K., North America and Korea were also reported.


Here You Have virus

Named for its email subject line, the mass-mailer ‘Here You Have’ virus took down mail servers at NASA, Comcast, Disney and Wells Fargo this month. The virus spread by a well-known means: a link sent via email. Once the user clicked the link, executing the virus, it attempted to forward itself to every contact in the user’s address book. It also disabled security software on vulnerable Windows computers and attempted to download malicious files. If successful, those files would extract passwords from browsers, email clients and other applications.
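The outbound pattern described above (one infected account forwarding a single subject line to every address-book contact in quick succession) is easy to spot in mail-server logs. The following Python detector is an added example, not code from the Solutionary report or from any vendor; it assumes a hypothetical one-line-per-delivery log format (timestamp, sender, recipient, subject) and uses constructed sample lines. It flags any sender whose single subject reaches at least `threshold` distinct recipients within a sliding time window, so a legitimate weekly mailing spread over hours is not flagged while a burst is.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical MTA log format assumed for this example:
#   <ISO timestamp> from=<sender> to=<recipient> subject="<subject>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) subject="(?P<subject>[^"]*)"$'
)

# Constructed sample log: one infected account (alice) bursts the same subject
# to many contacts in seconds; dave sends a legitimate mailing over hours;
# erin sends the worm subject to only two people; one line is malformed.
SAMPLE_LOG = """\
2010-09-09T14:01:02 from=alice@example.com to=bob@example.com subject="Here you have"
2010-09-09T14:01:03 from=alice@example.com to=carol@example.com subject="Here you have"
2010-09-09T14:01:05 from=alice@example.com to=dan@example.com subject="Here you have"
2010-09-09T14:01:09 from=alice@example.com to=eve@example.com subject="Here you have"
2010-09-09T14:01:12 from=alice@example.com to=frank@example.com subject="Here you have"
2010-09-09T14:01:13 from=alice@example.com to=carol@example.com subject="Here you have"
2010-09-09T14:01:15 from=alice@example.com to=grace@example.com subject="Here you have"
2010-09-09T09:00:00 from=dave@example.com to=bob@example.com subject="Weekly report"
2010-09-09T09:40:00 from=dave@example.com to=carol@example.com subject="Weekly report"
2010-09-09T10:20:00 from=dave@example.com to=dan@example.com subject="Weekly report"
2010-09-09T11:00:00 from=dave@example.com to=eve@example.com subject="Weekly report"
2010-09-09T11:40:00 from=dave@example.com to=frank@example.com subject="Weekly report"
2010-09-09T12:20:00 from=dave@example.com to=grace@example.com subject="Weekly report"
2010-09-09T15:00:00 from=erin@example.com to=bob@example.com subject="Here you have"
2010-09-09T15:00:01 from=erin@example.com to=dan@example.com subject="Here you have"
this line is not a delivery record
"""


def parse_line(line):
    """Parse one delivery record; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "sender": m.group("sender").lower(),
        "rcpt": m.group("rcpt").lower(),
        "subject": m.group("subject").strip().lower(),
    }


def find_mass_mailers(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for (sender, subject) pairs that hit >= threshold distinct
    recipients inside any `window`-long span of deliveries."""
    events = defaultdict(list)  # (sender, subject) -> [(ts, rcpt), ...]
    for line in lines:
        rec = parse_line(line)
        if rec:
            events[(rec["sender"], rec["subject"])].append((rec["ts"], rec["rcpt"]))

    alerts = []
    for (sender, subject), evs in events.items():
        evs.sort()
        best = 0
        # Sliding window anchored at each delivery; count distinct recipients
        # so a repeated recipient does not inflate the score.
        for i, (start, _) in enumerate(evs):
            seen = set()
            for ts, rcpt in evs[i:]:
                if ts - start > window:
                    break
                seen.add(rcpt)
            best = max(best, len(seen))
        if best >= threshold:
            alerts.append({"sender": sender, "subject": subject, "recipients": best})
    return alerts


if __name__ == "__main__":
    for alert in find_mass_mailers(SAMPLE_LOG.splitlines()):
        print(f"ALERT mass-mailer burst: {alert}")
```

Tune `threshold` and `window` to the site's normal traffic; the point of the window is that the worm's forwarding to an entire address book happens within seconds of execution, which a scheduled bulk mailing does not resemble.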

The FBI is investigating the source of this virus. A hacker using the name "Iraq Resistance" has communicated with IDG News Service about the incident but has revealed very little about his identity. Experts suggest he is a Libyan hacker building support for the cyber-Jihad group Tarig ibn Ziyad, whose goal is to break into US Army systems.

www.solutionary.com - 866-333-2133