Summary: Shoddy Microsoft software continues to provide opportunities for disgruntled people to attack and take down servers they dislike
ANY Windows botnet which is enabled by “Zeus” (Zeus is known to be a cause of DDOS attacks) is already taking advantage of Microsoft’s latest severe flaw which affects even fully patched Windows:
Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut handling flaws in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.
Security researchers have found more malware exploiting an unpatched Windows vulnerability via .LNK shortcut files.
According to Sophos blog July 23, two other pieces of malware have been observed targeting the bug. One is a keylogging Trojan the company is calling Chymin-A that is “designed to steal information from infected computers.” The other is Dulkis-A, a “worm written in obfuscated Visual Basic” that contains several subcomponents.
Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.
The damage costs a lot of money and time (which can be equated to money) and the security world is “ill-equipped to solve digital whodunnits,” reports The Register.
“A lot of those efforts are very unqualified and pedestrian,” said Parker, who is director of security consulting services at Washington, DC-based Securicon. “There’s really not any science behind the efforts that many people have been making recently that have resulted in stories like China is attacking us, Russia is attacking us, Korea is attacking us.”
It is really hard to know where DDOS attacks come from these days. People don’t control their Windows PCs, which can be hijacked and chained back to some botmasters whose interests are not known.
Georgia has an unfortunate DDOS story to tell about its national infrastructure; after years of investigation it is still not perfectly clear if the Russian government had something to do with it or not. One youngster claims responsibility, but can he be believed? It can be hard to verify. And if one youngster can paralyse an entire nation, what does that teach us about those Windows zombies he used? █