Bonum Certa Men Certa

Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran's Nuclear Facilities

Sadeh fire festival



Summary: Some of the latest security news which affects only Windows users (or people whom Windows is using)

HERE are some security news picks from the past week.



MSBBC



Not a week goes by without some BBC propaganda such as this. Since many former Microsoft UK employees took leading positions in the BBC, new articles like this neglect to mention major facts like the scary story only referring to Windows and not computers by and large (BBC Click is encouraging similar narrow-mindedness right now).

"BBC's usual high standards: no mention of MS Windows," wrote Glyn Moody in response to it. Gordon from TechBytes wrote: "Yet another Windows only story "forgetting" to mention either "Microsoft" or "Windows" #fail !BBC" (he claims to have had a "deja-vu, found another the other day").

Ask the BBC to call out Windows and thus inform the public. "Computer" is not the same as "Microsoft Windows" and taxpayers who fund the BBC deserve to know this.

The rest of the security news is tediously repetitive (yet new), so we just add it below categorised.

Rootkit



i. More Layers, Please

M$ has put many coats of paint on the old barn to secure that other OS but the malware writers have discovered a way to alter the MBR data so that rebooting turns off some of the layers of protection. The result is rootkits on the beloved 64bit “7″. Fortunately, our 64bit machines run Debian GNU/Linux. You need physical access to the machine or root access to alter the MBR with GNU/Linux. That other OS provides the tools by default… The modifications to UAC after the Vista fiasco opened the door to this rootkit. Malware artists have been going through this door since August.


ii. Rootkit able to bypass kernel protection and driver signing in 64-bit Windows

The 64-bit version of the Alureon rootkit / bot is able to bypass the special security features included in the 64-bit versions of Windows 7 and Vista and insert itself into the system. The tricks used have been known about in theory for several years, but until recently had not been used by malware in the wild. The 32-bit version of Alureon made headlines early this year, when the installation of a Microsoft patch left many systems unable to boot. The problem was caused by the previously unnoticed presence of the rootkit, which the patch effectively unmasked.

The 64-bit version of Alureon (aka. TDL) deactivates checks for driver signing and, even during the boot process, reroutes specific API calls in order to bypass the kernel's PatchGuard mechanism. Driver signing is intended to ensure that Windows only loads drivers from known vendors. PatchGuard is intended to protect the operating system kernel from being modified by malicious code.


Stuxnet



i. Stuxnet has a double payload

According to the latest analysis, Stuxnet is aimed not at disrupting a single system, but at two different systems. According to control systems security firm Langner Communications, the worm is not just designed to interfere with specific, variable frequency, motor control systems – it also attempts to disrupt turbine control systems. According to Langner, this would mean that, in addition to Iran's uranium enrichment plant at Natanz, the country's Bushehr nuclear power plant may have been a further target of the Stuxnet attack.

Specialists have been puzzling over the worm's target for several weeks, with early rumours circulating that it was aimed at sabotaging Natanz or Bushehr. However, no-one initially suspected that its aim was to sabotage both plants, although clues that this might be the case have been emerging for some time. Stuxnet attacks Siemens control system types S7-300 (315) and S7-400 (417). The attack modules appear to have been created using different tools – probably even by different teams.

The code for the S7-417 system – used in the turbine control systems at Bushehr – is reported to be much more sophisticated than that for the S7-315 system. The code carries out what amounts to a man-in-the-middle attack in order to pass fake input and output values to the genuine plant control code. User code running on a programmable logic controller (PLC) does not usually query I / O ports directly, but instead reads from an input process image and writes to an output process image. Mapping of physical ports to logical ports is intended to ensure that I / O values do not change during processing cycles.


ii. Stuxnet virus could target many industries (from AP, copyright maximalist and fair use squasher)

A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday.

They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.


iii. Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

"Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."


iv. Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

“There’s only a limited number of circumstances where you would want something to spin that quickly -– such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.


More links about Stuxnet:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows


Messenger



i. Microsoft disables Live Messenger links

According to the Vole's blog, disabling the feature was designed to prevent the spread of a malicious worm.

The worm requires users to click a link within a message, upon which it will load a webpage that downloads the worm to your PC and then it sends the same message to people in your contact list.

It only affected those who had not upgraded to the newest version of Messenger that uses Microsoft's Smartscreen, which shows up when you click on any link shared via Messenger.

A spokesperson said that the malicious worm was trying to spread itself through many of the world's largest instant messaging and social networks, including Windows Live Messenger 2009.


Windows will never be secure. "Our products just aren't engineered for security," said Brian Valentine, one of the top Windows executive at the time.

Comments

Recent Techrights' Posts

XBox is Practically 'Dead Man Walking' at This Point
writings on the wall
SLAPP Censorship - Part 128 Out of 200: Making Laws Work for Britain, Not Oversensitive Americans Looking for 'Revenge' by Lawfare
The SLAPPs are intended to protect corporations (employers like Microsoft)
 
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day
Not Everything Should be Electric
technology has become detrimental to society
Gemini Links 05/07/2026: Eye of the Beholder and Baldur’s Gate 3 and Alhena 5.6.5
Links for the day
GNU/Linux Market Share is Already High
GNU/Linux has fast become and is still becoming mainstream in recent years
The 9-Step IBM Algorithm: Gaming Wall Street While Shedding Off Staff and Bribing the Mainstream Media to Play Along
Any time IBM preaches manners (e.g. CoC) to the community remember that IBM works closely with and flatters the dictator
They Could Never Kill the Ideas of Richard Stallman (RMS), But They Are Still Trying
Killing an idea is harder than killing a person and killing a person is illegal
Only Germany Objected to Salary Adjustment (Reduction) Procedure of "Team Campinos"
"flash report on the Administrative Council of 30 June and 1 July 2026"
A "Never Slop" Policy in Quibble
"every change in the repository must be made by a human"
Series on GNU/Linux in Japan
This series can last a week or longer
75% of All the Patents Last Year Were Software
The corporate media has more or less ceased to discuss this matter
At Microsoft "the Morale of Developers is at an All-time Low"
Numerous reports today say that after at least 5 studios got marked for shutdown (mothballing) by Microsoft there are rumours about Obsidian as well
Links 05/07/2026: Data Breaches, Heat Waves, and Weinstein Rape Conviction Upheld
Links for the day
Confidentiality at Risk With Slop 'Coding'
People who continue to cheer for slop aren't just misguided fanbis and fangurls
False Narratives of Slop "Efficiency" as Debt Climbs
false stories about slop
July 8 as "D-Day" for Microsoft, Mass Layoffs Planned
Microsoft's grip on the market has slipped for a long time
GNU/Linux Leaps to 6% in Thailand
Can we expect 10% by year's end?
EC Looking for Input on Digital Networks Act Until Next Month
New initiative
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 04, 2026
IRC logs for Saturday, July 04, 2026
Gemini Links 05/07/2026: Ragebaited and Removing Lines in Emacs
Links for the day
Links 05/07/2026: "Tesla Slams Into Crowded Cafe" and "ChatGPT [Turned] Into a Sociopath"
Links for the day
BRICS and Windows: All-Time Lows
Expect many more Microsoft layoffs in years to come
Do No Evil, Do Not DDoS
Sites that attract DDoS attacks because of their message are sites that are difficult to debunk or debate
France is Winning the Race Against Windows
France instructs, then orders, government agencies to adopt GNU/Linux
Not 2.5% and Not 2.5 Billion Dollars for "Hey Hi"; 2 Waves of Microsoft Layoffs Rumoured This Month, July 8th, Then July 22nd (Just Before 'Results')
People there join unions, knowing they will be terminated silently or otherwise
Microsoft Double Trouble With Slop
What does Microsoft even sell at this point?
Based on US Government Sites, GNU/Linux Has Reached About 8% "Market Share" in Desktops/Laptops
Culled to exclude mobile platforms, GNU/Linux would likely be above 8%
TheLayoff.com is Deleting Comments About IBM Offshoring
Meanwhile, rage-baiting Internet trolls and sometimes trolls who paste in LLM slop are immune from censorship
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026