The news this week revolved around complex and troublesome threats, notably two rootkits, TDL4 and ZeroAccess. Stuxnet reared its head once again as did a new problem with Cisco’s popular videoconferencing software. Read on for the full week in review.

In our most popular story of the week, we heard about TDL4, an evolved version of the TDSS/Alureon rootkit that’s managed to sneak its way past Windows’ normal security methods. Detected in Vista and Windows 7, TDL4 can bypass the systems’ driver-signing protection and infect the machine’s master boot record, making removal tricky. This is just the latest version of the rootkit – there’s TDL1, TDL2, and so on. And the authors behind it are constantly tweaking it and adding features – a classic example of the kind of professional development shops that most malware operations have morphed into in recent years. 

Another meticulously designed rootkit, ZeroAccess, was in the headlines, as well, after researcher Giuseppe Bonfa of Infotec Institute was able to defeat anti- reverse engineering features in ZeroAccess and perform a detailed analysis of the rootkit. Much like TDL4, ZeroAccess puts an emphasis on stealth and persistence. In ZeroAccess’ case, the rootkit is able to install itself at a low level in the operating system, and even creates a stealth partition for itself that allows the malware to survive even after the host OS has been removed and reinstalled. Ouch!!

The week brought more news on the oft-mentioned industrial worm Stuxnet. This after anti malware firm Symantec supplied more evidence late last week that the worm’s intent was to target Iranian uranium strongholds. With the assistance of a Dutch researcher, the anti-virus company posits Stuxnet was penetrating SCADA networks for uranium since the worm was scouring drives at such a high frequency. 

The week saw a string of patches for critical software vulnerabilities. Adobe issued an emergency patch for Adobe Reader, fixing the latest Flash bug in the process. That hole was already being exploited in real-world attacks. The out-of-band bulletin, APSB10-28, will be the company’s last until February 8, 2011 – barring further crises.

Apple followed suit on Thursday: issuing an omnibus update for versions of its Safari Web browser that closed some 27 separate vulnerabilities in the WebKit component of the browser, which is used to display Web content.

Those running Cisco’s Unified Videoconferencing platform on Linux should take notice according to an advisory issued Wednesday. The flaws, including a hard coded password for bigger accounts and several additional bugs, were discovered by Matta Consulting.

Cisco found itself in the news for another reason this week after releasing their latest Global Threat Report, a slew of data that spans 2010’s third quarter. The average enterprise was hit by 133 web-based malware attacks a month and 31% of their spam in September and October came from fake LinkedIn e-mails, according to the report.

Social media took a hit as well this week, with Facebook sitting squarely in the crosshairs. The online networking giant locked some users out of their accounts after a bug was found Tuesday. One of the systems Facebook uses to identify and disable fake accounts was to blame, per Simon Axten, a Privacy and Public Policy Associate at Facebook.

What stories caught your interest this week? With the deadline for 2011 budgets growing near, George Hulme broke down how to afford room for security in an economy that’s slowly starting to revive itself. Readers were also drawn to Dennis’s talk with Alex Hutton of Verizon Business on their recent VERIS Community Application and that company’s attempt to gather and analyze information on data breaches.

Categories: Vulnerabilities, Web Security