Stuxnet Redux: Questions and Answers
Stuxnet continues to be a hot topic. Here's an updated set of Questions and Answers on it.
Q: What is Stuxnet?
A: It's a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.
Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive, like a USB hard drive, mobile phone, picture frame and so on.
Q: What does it do then?
Stuxnet Questions and Answers
Stuxnet continues to be a hot topic. Here are answers to some of the questions we've received.
Update on Security Advisory 2286198
Microsoft has updated Security Advisory 2286198 and it now clarifies that:
"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed."
Displayed is the important keyword. This is good and addresses our earlier concerns.
However, the advisory still reads that:
2010 and a Fresh Study
There are infinitely many ways to calculate 2010; here is a fairly fun list of some of them.
The past year showed massive numbers of malware being run on systems across the globe. Behind the malware was an active malware marketplace, often with forums full of services for hire, advice on distributing and maintaining crimeware, and devious ways to hire money-mules.
Past the Second Half of 2009
Just before we pop corks at the arrival of 2010 and the passing of 2009, let’s take a quick look at the second half of 2009.
FIRST-TC in Kuala Lumpur
November 30th is World Computer Security Day. In conjunction with the event, the Forum of Incident Response and Security Teams (FIRST) held a Technical Colloquium in Kuala Lumpur, which a few analysts from our KUL Response Lab attended.
There were a number of interesting presentations, mostly dealing with the state of the Internet or the threat landscape today. There were also more technical demonstrations related to use of malware analysis tools.
Patch Tuesday the 13th, Part II
Last week, Christine noted that Patch Tuesday the 13th is approaching. In fact, it's tomorrow.
This month's Microsoft Updates include 13 bulletins which fix 34 vulnerabilities. This is going to be a large number of updates.
URLZone – a disaster waiting to happen
Brontok Enjoys Sunny Climates as a Worm without a Head
Some hugely prevalent, worming families just won't wither away and disappear. They top vendors' prevalence lists for years on end, even as the malcode fails to serve its original purpose. As the ThreatFire community grows its presence in Mexico and Brazil, it protects more users from a relentless worm originally distributed from Indonesia, Brontok.
Fellow's Paper on Worms
One of the Fellows from our Munich office, Rüediger, has written a paper on worms (including Conficker) in the course of his studies, which we'd like to share.
The paper is written in German and is available here (PDF, 2MB). Feel free to download and enjoy.
On 19/08/09 At 01:48 AM