Web Security

Researcher Demonstrates Stuxnet At Work

We know Stuxnet has caused some major disruptions in nations like Iran and India. But how, exactly, does it work? In this video, Symantec researcher Liam O’Murchu demonstrates how a Stuxnet infected programmable logic controller (PLC) by Siemens can instruct a piece of machinery to run out of control.

Facebook’s Future: More Koobfaces

VANCOUVER – Working as Facebook’s resident malware researcher is a lonely job, for now. But Nick Bilogorskiy doesn’t expect it to stay that way. In fact, Facebook’s biggest security challenge will be building up its capabilities to identify and tamp down malware infections like the 2009 Koobface worm.

Stolen Digital Certificates Becoming Standard Malware Components

In the 15 years or so of serious malware production before 2010, there had been perhaps a handful of examples of malicious programs using digitally signed binaries to bypass antimalware systems. The emergence of Stuxnet earlier this year brought this tactic into the center of the spotlight, and now researchers say that the new mobile Zeus variant that is targeting Symbian and BlackBerry devices is following suit, using a stolen digital certificate to help cloak itself from security systems.

The last 10 years have seen a great number of advancements in the sophistication and usability of strong encryption programs, and many people now use encrypted messaging services by default. This has made it much simpler for people to keep their private thoughts and data private and secure, and now the government is working diligently to roll back all of that progress with a naive, ill-conceived effort to cripple secure communications networks in the name of national security.

Members of LinkedIn who clicked on fake connection requests sent users to a Website that displayed “PLEASE
WAITING…4 SECONDS” before redirecting them to Google. During those 4
seconds, the Website downloaded Zeus data-theft malware onto their PCs. Read the full article. [eWEEK]

Security researcher Chris Evans has released details of the data-stealing bug in Internet Explorer 8 that he publicized earlier this month, saying that the CSS flaw can be used to force victims to post messages on Twitter and that the bug appears to be no closer to being fixed.

Google is expanding the set of tools it makes available to Webmasters to help them detect and remove malware infections on their sites, adding a new alert service that will let the owners of large blocks of sites know as early as possible about the presence of malicious content on any of the sites that are under their control.

A security researcher has discovered a potentially crippling
vulnerability in one of the most widely used botnet toolkits, a finding
that makes it easy for blackhats and whitehats alike to take control of
huge networks of infected PCs. Read the full article. [The Register]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.