How we found the file that was used to Hack RSA
RSA was hacked in March. This was one of the biggest hacks in history.
Stuxnet Redux: Questions and Answers
Stuxnet continues to be a hot topic. Here's an updated set of Questions and Answers on it.
Q: What is Stuxnet?
A: It's a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.
Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive. Like a USB hard drive, mobile phone, picture frame and so on.
Q: What does it do then?
Case Nobel
A month ago, the Nobel Committee awarded The Nobel Peace Prize to Mr. Liu Xiaobo. He was awarded for — to quote the prize committee — long and non-violent struggle for fundamental human rights in China.

Two weeks ago, the website of the prize (nobelpeaceprize.org) was hacked with a zero-day attack against Firefox.
Questions and Answers on the JailbreakMe Vulnerability
Q: What is this all about?
A: It's about a site called jailbreakme.com that enables you to Jailbreak your iPhones and iPads just by visiting the site.
Q: So what's the problem?
A: The problem is that the site uses a zero-day vulnerability to execute code on the device.
Q: How does the vulnerability work?
LNK Vulnerability: Chymine, Vobfus, Sality and Zeus
Here's the bad news: several additional malware families are now attempting to exploit Microsoft's LNK vulnerability (2286198).
But here's the good news: so far, the new exploit samples are detected by us, and by many other vendors. Basically we're seeing new payloads using the same basic exploit method, which is being detected generically, and not new versions of the exploit.
Update on Security Advisory 2286198
Microsoft has updated Security Advisory 2286198 and it now clarifies that:
"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed."
Displayed is the important keyword. This is good and addresses our earlier concerns.
However, the advisory still reads that:
Code for Shortcut Zero-Day Exploit is Public
If you're not following Mikko's Twitter feed, you may have missed yesterday's news that public proof of concept exploit code for the Windows shortcut (.lnk) vulnerability has been released on exploit-db.com.
Zero-Day Vulnerability in Windows Shell
Microsoft has released Security Advisory 2286198, which provides details on the LNK shortcut (Windows Shell) vulnerability that's currently being exploited by the Stuxnet rootkit.
The news is not good.
Besides USB devices, the Windows Shell vulnerability can also be exploited via Windows file shares and WebDav.
All versions of Windows are affected:
Espionage Attack Uses LNK Shortcut Files
There's a possible new zero day in the wild which is being used in targeted espionage attacks. Belorussian antivirus company, VirusBlokAda, recently published news about two new rootkit samples, and quite interestingly, the infection vector is a USB storage device and Windows shortcut [.LNK] files.
The rootkit uses a LNK file that infects the operating system when viewed by an icon-rendering file explorer such as Windows Explorer or Total Commander.