More Sophisticated Spyware Hits Utility Systems - "Stuxnet" Gone Wild

Cyber security experts are scrambling to assess the past effects and the potential of a recently detected piece of malware that has targeted utility systems primarily in the Middle East (beginning in Iran) and the United States. Microsoft has named the Trojan intruder “Stuxnet”.

On a very basic level, here is what Stuxnet does:
1. So far, it has targeted a Siemens system (SCADA) used primarily in the operation and control of electric power plants;
2. It has been carried on USB sticks and, when a stick is attached to a computer, executes automatically without any further action by a user, even if the AutoRun function is disabled;
3. The Trojan then seeks out and copies certain database information, including power plant designs;
4. Stuxnet exploits a flaw in the shortcut links files in Windows.

Microsoft has issued a workaround that essentially turns off the shortcut function and changes the shortcut icons' appearance on the screen.

So, if this only targets utility companies, unless you are a utility company or have one as a client, why should you care? Experts surmise that this was created to carry out industrial espionage, but the same technique can be used for other targets. It could be used to target other trade secrets, personal financial information, medical records, etc.

We talked to a local security expert, and there are reports that Stuxnet or variants are “in the wild” and could be delivered by means other than USB sticks, namely via networks and remote web servers.

McAfee alleges that it has a defense against Stuxnet as does Symantec. As we noted in earlier posts (see here and here), these are examples of blacklisting. CoreTrace has demonstrated effectiveness against the intruder by using the whitelisting capabilities of its product Bouncer. See the YouTube video here:  http://bit.ly/bFCEdc.

This attack seems to be much more targeted and much more sophisticated than most of the prior threats and may herald a new age of malware menace.

So, it’s a dangerous cyber world out there. Use protection.
 

Microsoft sues SalesForce.com for Patent Infringement

 

Ina Fried, from CNET.com, reported this week that Microsoft filed a patent infringement case against SalesForce.com. SalesForce.com is, among other things, a customer relationship management (CRM) software company that provides its product through the cloud. Microsoft is no stranger to patent lawsuits. In fact, it was just ordered to pay $200 million to VirnetX in a patent infringement lawsuit regarding VPN technology. However, the peculiar thing about the lawsuit filed against SalesForce.com was that it was Microsoft doing the suing. Microsoft has only filed 4 suits against competitors. Most infringement issues involving Microsoft end up in some type of license agreement with the alleged infringer (see HTC). From this, Microsoft receives damages and then licenses its technology to the competitor. However, there appears to be more uncertainty surrounding this case.

 

It is no secret that Microsoft is one of the more established players in the IT world. However, Microsoft, along with everyone else, has been losing ground to Google. Microsoft and Google are competitors in e-mail (Gmail/Hotmail), browsers (Chrome/IE), search engines (Bing/Google), electronic documents (Office/Google Docs), and soon in operating systems (Windows/Chrome OS). Microsoft is attempting to chase Google into the cloud computing realm, as evidenced by the direction in which Office 2010 and other products are trending. The lawsuit against Salesforce.com might be just another way to gain ground. One of the benefits of being in the game as long as Microsoft has is that it owns some of the foundational technology we all use today. Take a look at the subject matter referenced in these patents:

 

- 7,251,653: Method and system for mapping between logical data and physical data
- 5,742,768: System and method for providing and displaying a web page having an embedded menu
- 5,644,737: Method and system for stacking toolbars in a computer display
- 6,263,352: Automated web site creation using template driven generation of active server page applications
- 6,542,164: Timing and velocity control for displaying graphical information
- 6,281,879: Timing and velocity control for displaying graphical information (the 164 patent above looks to just be a continuation of this patent)
- 5,845,077: Method and system for identifying and obtaining computer software from a remote computer
- 5,941,947: System and method for controlling access to data entities in a computer network

 

All of these patent subjects relate to aspects of cloud computing. This is no surprise since Salesforce.com is run from the cloud, but it does raise the question of what Microsoft will do next. Will they pursue other companies that infringe on the broad patents? Are they trying to get enforcement out of their patents before the Supreme Court returns an opinion on In re Bilski? Are they just trying to get another license agreement?