EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.27.10

New Flaw in Windows Facilitates More DDOS Attacks

Posted in Microsoft, Security, Windows at 5:03 pm by Dr. Roy Schestowitz

Stachledraht DDOS attack

Summary: Shoddy Microsoft software continues to provide opportunities for disgruntled people to attack and take down servers they dislike

ANY Windows botnet which is enabled by “Zeus” (Zeus is known to be a cause of DDOS attacks) is already taking advantage of Microsoft’s latest severe flaw which affects even fully patched Windows:

Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut handling flaws in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.

No patch is available yet:

Security researchers have found more malware exploiting an unpatched Windows vulnerability via .LNK shortcut files.

According to Sophos blog July 23, two other pieces of malware have been observed targeting the bug. One is a keylogging Trojan the company is calling Chymin-A that is “designed to steal information from infected computers.” The other is Dulkis-A, a “worm written in obfuscated Visual Basic” that contains several subcomponents.

More here:

Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.

We covered those SCADA incidents earlier today. This has a serious impact on the world’s energy, not to mention those BP BSODs which we’ve already covered in [1, 2, 3].

The damage costs a lot of money and time (which can be equated to money) and the security world is “ill-equipped to solve digital whodunnits,” reports The Register.

“A lot of those efforts are very unqualified and pedestrian,” said Parker, who is director of security consulting services at Washington, DC-based Securicon. “There’s really not any science behind the efforts that many people have been making recently that have resulted in stories like China is attacking us, Russia is attacking us, Korea is attacking us.”

It is really hard to know where DDOS attacks come from these days. People don’t control their Windows PCs, which can be hijacked and chained back to some botmasters whose interests are not known.

Georgia has an unfortunate DDOS story to tell about its national infrastructure; after years of investigation it is still not perfectly clear if the Russian government had something to do with it or not. One youngster claims responsibility, but can he be believed? It can be hard to verify. And if one youngster can paralyse an entire nation, what does that teach us about those Windows zombies he used?

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 19/8/2014: Humble Jumbo Bundle 2 Betrayal, Mercedes-Benz Runs GNU/Linux

    Links for the day



  2. BlackBerry -- Like Microsoft Nokia -- Could be the Next Patent Proxy Troll

    BlackBerry is restructuring for patent assertion (i.e. trolling) in the wake of some alliances with Microsoft



  3. After Microsoft's Soft Bribe Some Non-Technical Deputy Does Not Like Free Software, Microsoft-Linked Media Responds to This Non-News by Making Bogus Claims of Munich Leaving GNU/Linux (Updated)

    The subversive forces that have secretly been attacking Munich over its migration to GNU/Linux (Microsoft press, Gartner, and even HP) are back to doing it while China and Russia follow Munich's lead



  4. Gates Foundation CFO Quits and Debate About Revolving Doors Recalled Amid Systematic and Shrewd Bribery of Public Officials

    More officials step out of the Gates Foundation and their destination is not known yet; Gates continues to corrupt the public sector with his money so as to increase personal gain at taxpayers' expense



  5. Links 19/8/2014: GNU/Linux Raves and Alternative to Proprietary Voice Chat

    Links for the day



  6. Links 18/8/2014: Linux 3.17 RC1, Escalation in Ferguson

    Links for the day



  7. Gartner Group Advocates Using Defective Software With Back Doors

    Despite strong evidence that Microsoft has been complicit in illegal surveillance, Gartner continues to recommend the use of Windows and other espionage-ready Microsoft software



  8. The Microsoft Patent Trolls: Android Extortion, Vringo Versus Google, and Intellectual Ventures

    Roundup of news about patent aggression by Microsoft and some of its proxies



  9. Links 16/8/2014: Microsoft Linux, US Government Turns to Free Software

    Links for the day



  10. Links 15/8/2014: Reiser4 in Headlines Again, GNOME and KDE Events Finish

    Links for the day



  11. Links 14/8/2014: Kernel Summit Coming, KMix on KDE Frameworks 5

    Links for the day



  12. Shameless Microsoft Spin is Blaming China for Microsoft's Misconduct and Back Doors While Justifying Massive Losses in Hardware (Made in China)

    A new look at how Microsoft-friendly media takes negative Microsoft news and turns that news into some kind of scandals where Microsoft is the victim



  13. Microsoft Spin in the Media Evokes 'New Microsoft' and New Back Doors

    Some new examples of Microsoft boosters rewriting history, characterising Microsoft as a FOSS champion, and generally weak/shallow reporting on Microsoft's audio/video surveillance software



  14. Links 13/8/2014: GNU/Linux as Winner, New Snowden Interview

    Links for the day



  15. Reader's Article: Skype Spying Reaches New Levels of Blatant

    Forced 'upgrades' of Skype give useds [sic.] of Skype more than they asked for



  16. The Problem is Software Patents (and Scope), Not Patent Trolls Who Abuse Them Just Like Large Corporations

    Reminder of the dangers of losing sight of the real patent problem, which is the patents themselves, not necessarily those who use them



  17. Fraud in the USPTO and CAFC Helped Apple Launch Frivolous Patent Lawsuits Against Linux/Android, Based on New Withdrawals

    Inherent corruption in the US system has aided Apple's assault on east Asian electronics giants that use Linux at the core of their products



  18. Investigation Reveals That USPTO is Corrupt, Time to Abolish It or Annul Nearly a Million Patents

    Corruption is found at the heart of the USPTO and the USPTO works hard to hide it, despite attempt by whistleblowers to bring this corruption to light



  19. Links 13/8/2014: Red Hat Enterprise Linux 6.6 Beta, Tizen in Watches

    Links for the day



  20. Links 12/8/2014: Chromebooks Surge, OpenGL in the Headlines

    Links for the day



  21. Bill Gates is Profiting By Diverting Public Money to His Own Pocket and Reducing Wages

    Gates' lobbying for companies he is an investor of and for lower salaries inside companies he is investing in (and managing) comes as no surprise



  22. Microsoft is Still Attacking Open Standards, So Khronos Does Not Need the Microsoft Moles

    Having attacked the industry's document standard OpenDocument Format (ODF) while pretending to have 'embraced' ODF Microsoft is now pretending that it is eager to support OpenGL



  23. Another Depressing Look at the Patent Systems in the US and in Europe

    A roundup of news about patent monopolies and in particular the immense power wielded by giant multi-national corporations that steer the debate and acquire trans-Atlantic monopolies on ideas, always against citizens' interests



  24. Links 11/8/2014: DEFT 8.2, Linux Mint on Debian Stable

    Links for the day



  25. Links 9/8/2014: Knoppix 7.4.0, GNU Linux Libre 3.16

    Links for the day



  26. Links 8/8/2014: Qt a Separate Company Again, KDE Frameworks 5.1 Released

    Links for the day



  27. Microsoft's Android Lawsuit Against Samsung Shows That Windows is Dead Beef

    Microsoft resorts to AstroTurfing, lawsuits, vapourware, and attack ads, revealing that it is a feeble aggressor whose only remaining hope for revival is destruction of rivals



  28. Only Foolish Governments Would Choose Microsoft or Apple

    China bans Apple's operating systems (just like Microsoft's) while Apple retreats on it litigation strategy from 2010, showing perhaps where Microsoft is heading now that it is suing Samsung (as Apple did some years ago)



  29. Links 6/8/2014: Linux 3.17 Features, Ubuntu in India

    Links for the day



  30. Latest Attacks on Android From Apple/Microsoft and Their Network of Trolls/Partners

    Net Applications (Apple- and Microsoft-funded) makes a misinformation comeback, Apple retreats from some Samsung litigation battles, and Microsoft dives deep into it


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts