Dennis Fisher

The Stuxnet saga is continuing to take new and troubling turns. Researchers now have found a new binary file associated with the Stuxnet malware that is signed using the digital certificate of another Taiwanese hardware manufacturer, JMicron Technology Corp.

In the Google TechTalk, Justin Ma, a PhD candidate at UC San Diego, discusses a novel method for determining which URLs are malicious by applying large-scale online learning techniques.

Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they’re finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations.

The digital certificate that belonging to Realtek Semiconductor that was used to sign a pair of drivers fro the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers.

The old saying that there’s nothing new under the sun is just as true in the security industry as it is anywhere else. Many new attacks are variants or tweaks of existing ones, new software fails in exactly the same way as old software and new technologies crop up to solve problems that are 30 years old. You can add to that list the sad frequency with which interesting talks at security conferences are having to be canceled because someone doesn’t like the content. This week saw yet another talk pulled from Black Hat, a major cybersecurity meeting in Washington, a rootkit with digitally signed drivers and some new tactics by spammers. Read on for the full week in review.

In an effort to enlist more help finding bugs in its most popular software, such as Firefox, Thunderbird and Firefox Mobile, Mozilla is jacking up the bounty it pays to researchers who report security flaws to $3,000.

The meeting convened Wednesday at the White House by the country’s top cybersecurity official, Howard Schmidt, which included more than 100 security experts from the private sector and various government agencies, didn’t end with Schmidt revealing any new programs or initiatives, but some of the key participants said they left feeling more optimistic about the direction the government’s security efforts are headed than at any other point in recent memory.