Posted on 07/23/2010 4:04:04 AM PDT by Gomez
Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines.
Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.
The Chymine-A Trojan uses the same security hole to install a keystroke logger while the Autorun-VB-RP worm has been updated to use the shortcut vulnerability as an infection method. The original hackers developed a technique to embed malicious code in shortcut files in such a way that this code is run when an icon is viewed, an approach now followed by less skilled VXers.
Stuxnet featured rootlet functionality and digitally signed malware, techniques that mark it out as highly sophisticated. The latest malware to use the shortcut vulnerability is, by contrast, much more basic.
"The new malware we're seeing is far less sophisticated, and suggests bottom feeders seizing on techniques developed by others," writes Pierre-Marc Bureau, a senior researcher at Eset, in a blog post.
The shortcut vulnerability is likely to become a mainstay of malware distribution techniques, Bureau warns.
"This new development follows a typical path of evolution in malware. Often there are only days between the initial release of information regarding a critical vulnerability, and the discovery of its exploitation being executed in the wild by malware authors. It is safe to assume that more malware operators will start using this exploit code in order to infect host systems and increase their revenues," he concludes.
Trend Micro warns that the hole can be exploited by a wide variety of techniques including network shares, malicious websites and booby-trapped Office documents, as well as USB drive infection, the technique associated with the Stuxnet worm.
"File formats that support embedded shortcuts (eg Microsoft Office documents) can now be used to spread exploits as well," writes Trend Micro threat researcher David Sancho. "This means that users who download and open such files could find themselves the latest victim of this vulnerability. It has also been reported that this attack could be used in drive-by attack scenarios, further increasing risks."
Microsoft has issued temporary workarounds and security advice to customers as a stop-gap measure while its security researchers work on developing a fix. The vulnerability involves a security hole in core Windows functionality, so developing and testing a patch by the next scheduled Patch Tuesday, 10 August, will be tricky but not out of the question. Redmond's security team will have had a month by this point to go through a process that more typically takes two months or longer.
ping
So why are power plant control systems using Windows? That would seem like a perfect application for Linux, you wouldn’t even need a GUI.
I think Virginia Power uses Linux, not sure tho..
Summary execution is too good for them.
A lot of power plant control systems are about like a lot of industrial control and monitoring s/w: they have a lot of graphical information sdo the operators can see at a glance fron across the room whether the system is operating w/in parameters.
Because Windows is used for just about everything else and has open sourced the code to control systems manufacturers so the can sell more Windows. Also, 95% of the power plant workers understand and recognize Windows.
It's all about marketing.
I remember a while back when switching from UNIX to Windows caused some serious problems for air traffic control.
Microsoft has not "open-sourced the code" of Windows to anyone, anywhere. Windows is proprietary. Open source means it is not only publicly readable, but also, anyone may modify it.
I think you must mean, "made the code available under Non-Disclosure Agreement (NDA)". Yes?
The distinction is huge, and profound. Proprietary code, under NDA, is the opposite of open source.
What Microsoft did for the Russian secret service was make the Windows source code available under a special NDA. Read the article you linked to, don't just post the headline.
Look up the term "open source" (generally an adjective, sometimes used as a noun), and specifically the verb usage "open source" (to make a body of software available as open source).
Open source software software whose source code is published and made available to the public, enabling anyone to copy, modify and redistribute the source code without paying royalties or fees. (Wikipedia)Maybe instead of "has open sourced the code", you meant to say, "has made the source code available under NDA", which would be correct.
In no way whatsoever has Microsoft ever made the body of code known as "Windows" available as "open source", nor do they have any intention of ever doing so. They have made the source code available under NDA to various governments and agencies, including the Red Chinese and the Russians. They have made tiny portions of it publicly readable for the sake of encouraging compatible use of Windows APIs, but not for modification.
Yeah, that IS what I meant. Sorry for using the wrong terminology.
In any case, MS "made the source code available" so companies could interface with Windows for industrial control. That, coupled with the average user that is used to seeing Windows, is why the GUI is needed and line commands will never replace Windows as an interface with PLC's and the Unix computers that run machines.
> In any case, MS "made the source code available" so companies could interface with Windows for industrial control.
Do you have any links or other references, to explain that better? I'm not aware of Microsoft making Windows source code available to industrial control companies. They may have done so, and if so I'd be interested to know more -- I designed industrial control computers in the 1980's and still have some interest in them, even though I've moved on since then.
Thanks in advance for the references...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.