To all the other "aaS" providers out there, add this one: MaaS, for malware as a service. Yup, the bad guys have their own routines that can provide one-stop, full-service shopping for fraudsters. How depressing is that?
Turns out, very depressing.
Last week the news blogs were filled with information about a second attack on a computer-based supervisory control system (SCADA) at the Curran-Gardner Township Public Water District based near Springfield, Ill. The first was the Stuxnet malware targeted at an Iranian nuclear facility that was extensively covered. We wrote about how the Symantec anti-virus researchers decompiled the malware and demonstrated it to us here earlier this summer, and how variants on Stuxnet called Duqu were also found last month floating around European networks.
The same Symantec team that cracked Stuxnet has found new variations on the same theme in packet captures from European networks. They published a blog entry and a full report that analyzes what the impacts of the virus would be, since the exploit isn't quite a finished product yet, and not all pieces of the exploit have been recovered. It is well worth careful reading.
It may not be an independent source of data about Windows, but Microsoft's system of telemetry for tracking the causes of system failures is orders of magnitude more sensitive than anything else in the field. A report released by Microsoft this morning reveals that what would have been a record quiet year for Windows security was pretty much wiped out by one stupid little flaw that Microsoft can't completely patch.
Today eEye Digital Security released the results of a survey of over 1,600 IT administrators, managers and C-level executives about their top security concerns. Most respondents said that high-profile malware like Project Aurora and Stuxnet were either small or very small threats to their enterprises. Slightly more were concerned about government or state-sponsored hacking. But most still saw this as a low priority.
So what are they actually worried about?
Some variety of Stuxnet is on GitHub. Crowdleaks posted the code but it's uncertain if it's the actual source or that of code posted by an organization possibly working on behalf of a government organization.
Stuxnet, as you may recall, is a virus that targets industrial control systems. It's already been given credit for disrupting Iran's nuclear program. We wrote recently how you can protect your organization from a Stuxnet attack.
Late last year Stuxnet made international headlines by infecting computers at an Iranian nuclear power plant. Much of the coverage has been focused on speculation as to who was behind the malware, which appeared to be designed specifically to target nuclear power plants with certain types of equipment. But how were the creators of Stuxnet able to infiltrate a high-security nuclear power plant? According to Symantec, one of the key components in the attack was a legitimate digital certificate. The attackers either stole a private key, or were able to get their files signed. How can you keep your digital certificates and encryption keys safe?
Although attacks by governments against their own people using the Internet get more press, warfare between countries has been spreading online for some time. Most of the instances that have come to light have been viruses designed to stop, or slow down, activities in another country that the attacking country feels threatened by, or spying operations.
The United States, like most governments, has developed teams and tools to wage Web warfare. But not all the tools are what we would normally think of as offensive weapons. The U.S. military, it turns out, can force a country that has disconnected itself from the Internet back online.
A three-month investigation published Saturday by The New York Times indicates the Stuxnet virus that did damage to Iran's nuclear program may well have been a joint project between the American and Israeli governments.
The "Dimona complex" located in the southern Negev desert in Israel, where that country is said to have centered its nuclear weapons program, may for two years have been the proving ground for Stuxnet as well.
Stuxnet is a computer worm that can do as much damage as a bomb could in destroying an industrial plant or military installation. The Wikipedia entry about Stuxnet says it is the first discovered worm that spies on and reprograms industrial systems.
Stuxnet's capabilities are clear following its use to attack Iran's nuclear installations. The implications are considerable. Any enterprise that uses industrial control systems could be attacked by the worm, potentially causing as much damage as any sort of explosion.