Week in Review: Stuxnet Redux and The Wire's D.C. Edition

Stuxnet Redux and The Wire: United States

Governments, the Internet and security were the theme as Internet wiretapping, trans national cyber laws and the further proliferation of Stuxnet - a computer virus believed to have state backing - topped this week's news.

After more than a week of intense speculation about the origins of the mysterious Stuxnet virus, which was first identified in July,  the 20^thVirus Bulletin conference being held in Vancouver this week, brought still more information about the worm into the daylight.

Presentations from Microsoft, Kaspersky Lab and Symantec researchers revealed key details about the functioning of the worm and its possible origins. In a highly anticipated talk, Liam O’ Murchu, of Symantec, dissected Stuxnet’s unique ability to control programmable logic controllers from Siemens Inc. and to show how Stuxnet might be programmed to cause machinery to run out of control, or even self destruct. 

From the nation’s capital came news that the Obama administration was pursuing a bill that would require alternative communication services to give law enforcement access to customer’s messages. Dennis took the point on Wednesday and discussed how dangerous it’d be to purposely insert security weaknesses in programs just to help the government. National security is one thing, but crafting easily exploitable holes could be trouble

Some holes, however, were patched. On Tuesday, Microsoft released its second out-of-band patch in recent memory. This time around, the patch addressed September’s ASP.NET debacle. The flaw in Microsoft’s framework was first discussed at Argentina’s Ekoparty two weeks back.

As successful of a story as the Mariposa botnet takedown has been, the persecution of those involved may not be as easy. According to news from Virus Bulletin, despite being arrested late last year, Spain’s not-so-stringent laws could make it difficult to hold the botnet’s operators. Despite evidence against the group, it’s not known whether or not it’ll be admissible.

Unlike Mariposa, some steps forward were taken with individuals behind the popular Zeus botnet this week. 70 people from the U.S. and 20 from the U.K. were charged for being connected to the malware campaign. Those who were charged in New York were said to be responsible for stealing $860,000 from 34 different consumer and corporate account s.

Speaking of Zeus, on Monday researchers discovered a variant of the malware that plagues online banking customers via mobile phones. Disguised as a “Nokia update,” the attack focuses on Blackberry and Symbian-based phones and (surprise!) uses a stolen digital certificate to evade security systems.

Such has been the case lately for stealthy viruses, as Stuxnet uses not one but two stolen certificates. While one certainly wonders how these certificates have been obtained, it’s even more puzzling as to how well future users will be able to further scrutinize their legitimacy.

What caught your eye this week? Chris Eng’s piece on fixing XSS vulnerabilities got some love early this week, as did a story about hackers from online prank site 4chan rallying against the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA).

Commenting on this Article is closed.