EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.18.10

Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities

Posted in Microsoft, Security, Windows at 3:01 pm by Dr. Roy Schestowitz

Sadeh fire festival

Summary: Some of the latest security news which affects only Windows users (or people whom Windows is using)

HERE are some security news picks from the past week.

MSBBC

Not a week goes by without some BBC propaganda such as this. Since many former Microsoft UK employees took leading positions in the BBC, new articles like this neglect to mention major facts like the scary story only referring to Windows and not computers by and large (BBC Click is encouraging similar narrow-mindedness right now).

“BBC’s usual high standards: no mention of MS Windows,” wrote Glyn Moody in response to it. Gordon from TechBytes wrote: “Yet another Windows only story “forgetting” to mention either “Microsoft” or “Windows” #fail !BBC” (he claims to have had a “deja-vu, found another the other day“).

Ask the BBC to call out Windows and thus inform the public. “Computer” is not the same as “Microsoft Windows” and taxpayers who fund the BBC deserve to know this.

The rest of the security news is tediously repetitive (yet new), so we just add it below categorised.

Rootkit

i. More Layers, Please

M$ has put many coats of paint on the old barn to secure that other OS but the malware writers have discovered a way to alter the MBR data so that rebooting turns off some of the layers of protection. The result is rootkits on the beloved 64bit “7″. Fortunately, our 64bit machines run Debian GNU/Linux. You need physical access to the machine or root access to alter the MBR with GNU/Linux. That other OS provides the tools by default… The modifications to UAC after the Vista fiasco opened the door to this rootkit. Malware artists have been going through this door since August.

ii. Rootkit able to bypass kernel protection and driver signing in 64-bit Windows

The 64-bit version of the Alureon rootkit / bot is able to bypass the special security features included in the 64-bit versions of Windows 7 and Vista and insert itself into the system. The tricks used have been known about in theory for several years, but until recently had not been used by malware in the wild. The 32-bit version of Alureon made headlines early this year, when the installation of a Microsoft patch left many systems unable to boot. The problem was caused by the previously unnoticed presence of the rootkit, which the patch effectively unmasked.

The 64-bit version of Alureon (aka. TDL) deactivates checks for driver signing and, even during the boot process, reroutes specific API calls in order to bypass the kernel’s PatchGuard mechanism. Driver signing is intended to ensure that Windows only loads drivers from known vendors. PatchGuard is intended to protect the operating system kernel from being modified by malicious code.

Stuxnet

i. Stuxnet has a double payload

According to the latest analysis, Stuxnet is aimed not at disrupting a single system, but at two different systems. According to control systems security firm Langner Communications, the worm is not just designed to interfere with specific, variable frequency, motor control systems – it also attempts to disrupt turbine control systems. According to Langner, this would mean that, in addition to Iran’s uranium enrichment plant at Natanz, the country’s Bushehr nuclear power plant may have been a further target of the Stuxnet attack.

Specialists have been puzzling over the worm’s target for several weeks, with early rumours circulating that it was aimed at sabotaging Natanz or Bushehr. However, no-one initially suspected that its aim was to sabotage both plants, although clues that this might be the case have been emerging for some time. Stuxnet attacks Siemens control system types S7-300 (315) and S7-400 (417). The attack modules appear to have been created using different tools – probably even by different teams.

The code for the S7-417 system – used in the turbine control systems at Bushehr – is reported to be much more sophisticated than that for the S7-315 system. The code carries out what amounts to a man-in-the-middle attack in order to pass fake input and output values to the genuine plant control code. User code running on a programmable logic controller (PLC) does not usually query I / O ports directly, but instead reads from an input process image and writes to an output process image. Mapping of physical ports to logical ports is intended to ensure that I / O values do not change during processing cycles.

ii. Stuxnet virus could target many industries (from AP, copyright maximalist and fair use squasher)

A malicious computer attack that appears to target Iran’s nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday.

They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.

iii. Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

“Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn’t be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran.”

iv. Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

“There’s only a limited number of circumstances where you would want something to spin that quickly -– such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.

More links about Stuxnet:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows

Messenger

i. Microsoft disables Live Messenger links

According to the Vole’s blog, disabling the feature was designed to prevent the spread of a malicious worm.

The worm requires users to click a link within a message, upon which it will load a webpage that downloads the worm to your PC and then it sends the same message to people in your contact list.

It only affected those who had not upgraded to the newest version of Messenger that uses Microsoft’s Smartscreen, which shows up when you click on any link shared via Messenger.

A spokesperson said that the malicious worm was trying to spread itself through many of the world’s largest instant messaging and social networks, including Windows Live Messenger 2009.

Windows will never be secure. “Our products just aren’t engineered for security,” said Brian Valentine, one of the top Windows executive at the time.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. twitter said,

    November 20, 2010 at 1:35 pm

    Gravatar

    Some shameful Microsoft propaganda about botnets was promoted by Slashdot the day you published this roundup. There might be some interesting statistics in the report, but the analysis and conclusions are crazy. The first indication of cluelessness is that the paper was written with Microsoft word so the PDF is of low quality, lacks hyperlinks and has sorry graphics. The word “Windows” appears nowhere in the 67 page paper and the researchers seem to be oblivious to OS choice as an explanation to their findings or as a solution to the problem. Their central finding was:

    all ISPs harbor infected machines – ‘bots’ – in their networks. …Of the tens of thousands of ISPs that provide Internet access, the 200 ISPs that collectively hold nearly 90 percent of the total market share in the wider OECD area account for more than 60 percent of all infected machines worldwide. Other service providers, such as hosting providers, university networks, corporate networks and application service providers contain a smaller share of all bots.

    This, for some reason, surprises them and they then use it to conclude that ISPs should police their users who they must assume are all Windows users. It is obvious to anyone without Microsoft blinders that the reason hosting providers, universities, educated people have less of a botnet problem is that people who know what they are doing steer away from Windows. From false assumptions come incorrect projections and recommendations. The authors should be ashamed of themselves for not looking at OS dependency and the technical nature of their survey should be closely studied by anyone who would like to use any of the statistics reported.

    Freedom is the real solution to the botnet problem, not the kind of anti-competitive “security” that Microsoft would like to inflict on ISPs.

    Dr. Roy Schestowitz Reply:

    Thanks. You’ve reminded me that I should make a quick new post about GNU/Linux installed base.

What Else is New


  1. Links 18/4/2019: Ubuntu and Derivatives Have Releases, digiKam 6.1.0, OpenSSH 8.0 and LibreOffice 6.2.3

    Links for the day



  2. Freedom is Not a Business and Those Who Make 'Business' by Giving it Away Deserve Naming

    Free software is being parceled and sold to private monopolisers; those who facilitate the process enrich themselves and pose a growing threat to freedom in general — a subject we intend to tackle in the near future



  3. Concluding the Linux Foundation (LF) “Putting the CON in Conference!” (Part 3)

    Conferences constructed or put together based on payments rather than merit pose a risk to the freedom of free software; we conclude our series about events set up by the largest of culprits, which profits from this erosion of freedom



  4. “Mention the War” (of Microsoft Against GNU/Linux)

    The GNU/Linux desktop (or laptops) seems to be languishing or deteriorating, making way for proprietary takeover in the form of Vista 10 and Chrome OS and “web apps” (surveillance); nobody seems too bothered — certainly not the Linux Foundation — by the fact that GNU/Linux itself is being relegated or demoted to a mere “app” on these surveillance platforms (WSL, Croûton and so on)



  5. The European Patent Office Does Not Care About the Law, Today's Management Constantly Attempts to Bypass the Law

    Many EPs (European Patents) are actually "IPs" (invalid patents); the EPO doesn't seem to care and it is again paying for corrupt scholars to toe the party line



  6. The US Supreme Court (SCOTUS) Once Again Pours Cold Water on Patent Maximalists

    Any hopes of a rebound or turnaround have just been shattered because a bizarre attack on the appeal process (misusing tribal immunity) fell on deaf ears and software patents definitely don't interest the highest court, which already deemed them invalid half a decade ago



  7. Links 17/4/2019: Qt 5.12.3 Released, Ola Bini Arrested (Political Stunts)

    Links for the day



  8. Links 16/4/2019: CentOS Turns 15, Qt Creator 4.9.0 Released

    Links for the day



  9. GNU/Linux is Being Eaten Alive by Large Corporations With Their Agenda

    A sort of corporate takeover, or moneyed interests at the expense of our freedom, can be seen as a 'soft coup' whose eventual outcome would involve all or most servers in 'the cloud' (surveillance with patent tax as part of the rental fees) and almost no laptops/desktops which aren't remotely controlled (and limit what's run on them, using something like UEFI 'secure boot')



  10. Reader's Claim That Rules Similar to the Code of Conduct (CoC) Were 'Imposed' on LibrePlanet and the FSF

    Restrictions on speech are said to have been spread and reached some of the most liberal circles, according to a credible veteran who opposes illiberal censorship



  11. Corporate Media Will Never Cover the EPO's Violations of the Law With Respect to Patent Scope

    The greed-driven gold rush for patents has resulted in a large pool of European Patents that have no legitimacy and are nowadays associated with low legal certainty; the media isn't interested in covering such a monumental disaster that poses a threat to the whole of Europe



  12. A Linux Foundation Run by People Who Reject Linux is Like a Children's Charity Whose Management Dislikes Children

    We remain concerned about the lack of commitment that the Linux Foundation has for Linux; much of the Linux Foundation's Board, for example, comes from hostile companies



  13. Links 15/4/2019: Linux 5.1 RC5 and SolydXK Reviewed

    Links for the day



  14. Links 14/4/2019: Blender 2.80 Release Plan and Ducktype 1.0

    Links for the day



  15. 'Poor' (Multi-Millionaire) Novell CEO, Who Colluded With Steve Ballmer Against GNU/Linux, is Trying to Censor Techrights

    Novell’s last CEO, a former IBMer who just like IBM decided to leverage software patents against the competition (threatening loads of companies using "platoons of patent lawyers"), has decided that siccing lawyers at us would be a good idea



  16. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 2)

    Calls for papers (CfP) and who gets to assess what's presented or what's not presented is a lesser-explored aspect, especially in this age when large corporate sponsors get to indirectly run entire 'community' events



  17. Patent Maximalists Are Enabling Injustices and Frauds

    It's time to come to grips with the simple fact that extreme patent lenience causes society to suffer and is mostly beneficial to bad actors; for the patent profession to maintain a level of credibility and legitimacy it must reject the deplorable, condemnable zealots



  18. Further Decreasing Focus on Software Patents in the United States as They Barely Exist in Valid Form Anymore

    No headway made after almost 4 months of Iancu-led stunts; software patents remain largely dead and buried, so we’re moving on to other topics



  19. Links 13/4/2019: Wine 4.6 and Emacs 26.2 Released

    Links for the day



  20. Links 12/4/2019: Mesa 19.0.2, Rust 1.34.0 and Flatpak 1.3.2 Released

    Links for the day



  21. Caricature: EPO Standing Tall

    A reader's response to the EPO's tall claims and fluff from yesterday



  22. The EPO is Slipping Out of Control Again and It's Another Battistelli-Like Mess With Disregard for the Rule of Law and Patent Scope

    The banker in chief is just 'printing' or 'minting' lots and lots of patents, even clearly bogus ones that lack substance to back their perceived value



  23. Global Finance Magazine Spreads Lies About the Unitary Patent and German Constitutional Court

    Alluding to the concept of a "unified European patent," some site connected to Class Editori S.p.A. and based in Manhattan/New York City tells obvious lies about the Unified Patent Court (UPC), possibly in an effort to sway outcomes and twist people's expectations



  24. New Building as Perfect Metaphor for the EPO Under the Frenchmen Battistelli and Campinos

    The EPO is in "propaganda mode" only 9 months after the latest French President took Office; the Office is seen as dishonest, even under the new leadership, which routinely lies to the public and to its own staff



  25. Links 11/4/2019: Twisted 19.2.0 Released, Assange Arrested

    Links for the day



  26. EPO Still Wasting Budget, Paying Media and Academics for Spin

    EPO money continues to flow like water into hands that are complicit in legitimising the EPO's management and policies; this highlights the grave dangers of lack of oversight at the EPO, not to mention lawlessness or lack of enforcement



  27. Links 10/4/2019: Microsoft's GDPR Trouble, New Fedora 29 Images

    Links for the day



  28. Linux Magazine is Run by Advertisers, Not GNU/Linux (and It's Hardly the Exception)

    Advertising is big money — so big in fact that publications no longer care what’s true but instead focus on what text brings them more income (from advertisers, of course)



  29. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 1)

    Proprietary software giants with their sponsorships and gifts are more like Trojan horses or parasites striving to infect the host; how can the LF be protected from them?



  30. EPO Benefits European Patent Trolls With Dodgy European Patents

    The EPO is a stepping stone for parasitic entities looking to leverage patents for exploitative extortion rackets all over Europe; if they get their way, companies that manufacture and sell things will pay a hefty tax to those who create nothing at all and are often not European, either


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts