Week in Security: Chinese SCADA Miscommunication and Botnets 2011: The Return

The specter of Stuxnet reared its head again this week, with news of a critical hole in some Chinese SCADA software, while, elsewhere, botnets reloaded following a holiday break, and patches from Microsoft, Google and RIM made headlines. Read on for the full week in review.

Week in securityThe specter of Stuxnet reared its head again this week, with news of a critical hole in some Chinese SCADA software, while, elsewhere, botnets reloaded following a holiday break, and patches from Microsoft, Google and RIM made headlines. Read on for the full week in review.

At the top of the news this week was trouble surrounding a hole in Supervisory Control And Data Acquisition (SCADA) software in China. As Threatpost reported, on Sunday NSS Labs researcher Dillon Beresford called out Beijing-based software company Wellintech on his blog. The software, KingView, is used throughout China is a Human Machine Interface (HMI) package. If exploited, the heap overflow vulnerability Beresford identified could be used to run malicious code. Despite contacting China’s Computer Emergency Response Team (CNCERT) and Wellintech, it was thought Beresford’s discovery had gone unnoticed until this week.

It wasn’t the first hole Beresford had found in Chinese SCADA. As Threatpost reported on Tuesday, he’d seen similar holes in the infrastructure used in the country. Beresford plans on disclosing the additional holes after he works on some fixes with their respective software manufacturers and CNCERT.

On Thursday CNCERT stepped up and confessed it had overlooked the message Beresford sent in September. Lost in a veritable sea of e-mail, the message was one of thousands of e-mails received a day and was missed by staff. CNCERT eventually uncovered the hole thanks to help from U.S. CERT in November and Wellintech went ahead and patched the hole in December. The fix was never reported to China’s National Vulnerability Database (CNVD) however.

The events shine a light on the continuing security issues, which the Stuxnet worm revealed, facing SCADA and industrial control systems (ICS) in China and other countries.

In other news, attackers fired up their botnets again this week – some which were thought to have been dormant – as we settled into 2011. Waldac and Rustock have returned to churn out spam according to Symantec while Websense saw it jump in a big way over the weekend. Spam evels shot up 45% this week after a relative lull in 2010’s fourth quarter, per a Commtouch report released on Wednesday.

The ever-popular Zeus botnet remains busy though – and as we found on Monday, could be getting easier than ever to set up. Research by RSA showed that some attackers are helping novices get their botnets off the ground, offering a kind of introductory “Zeus 101” course.

The patch parade was in full effect this week as Google, Microsoft and RIM issued fixes for their respective products: Google pushed version 8.0.552 of Chrome, fixing 16 vulnerabilities. Perhaps more notable however was the company’s first security bounty reward of $3133.7. The company paid out more than $14,000 this month for finding flaws in their browser but researcher Sergey Glazunov received the maximum amount for discovering a stale pointer in a speech handling component of Chrome.

As reported last week, this week’s Patch Tuesday fixed three windows flaws with two bulletins. MS-11-01 patched a hole in Windows Backup Manager while MS11-02 fixed a DSN overflow and ADO record memory vulnerability.

Finally, Canadian telecommunication company RIM made some mends of their own this week, releasing a patch for their BlackBerry Enterprise Server software on Wednesday. By fixing an overflow vulnerability in its PDF distiller, the patch should prevent attacks that could’ve crashed the system or execute remote code.

What’d you find interesting this week? In-Q-Tel’s CISO Dan Geer wrote an insightful piece and discussed why having a multitude of choices when it comes to security isn’t necessarily better.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.