TechBlog

W32.Stuxnet has been a subject of much discussion amongst security researchers and media, and we posted a series of blogs on the subject. As you may already be aware, Stuxnet is hot topic as the threat targets industrial control systems in order to take control of industrial facilities and systems, such as manufacturing assembly lines and even power plants. Because Stuxnet is such major news, the miscreants who like to spread malware are not wasting much time taking advantage of this for their malicious activities. In our investigations we have discovered that various forums are discussing a free Stuxnet removal tool but unfortunately the tool is actually a piece of malware. We successfully obtained a sample of this tool and our analysis supported our sense of danger: Bottom line is, do NOT run the tool. ...

Windows/Mac/Linux: Chrome has hit version 8 in its Dev builds, adding more solid graphics acceleration to the web using your video hardware, along with a few new Labs features that herald the coming of Chrome OS. If you’re using the Dev channel, open up a tab and type in about:labs. You’ll notice features there to turn off outdated plug-ins, enable “Remoting” support for Chrome, turn on the very useful Google Instant in the Chrome Omnibar, and enable a few other useful features, including GPU acceleration of the HTML5 Canvas feature. ...

Some domain names make you cringe, some make you smile… Such was the case this morning, with redpoo.com a domain name whose registrar is the Center of Ukrainian Internet Names, and registered to: Igor Nikenin ul. B. Pertrovskaya, dom 12, kv 74 Rostov na Donu, 344000 RUSSIAN FEDERATION The servers’ IP, 121.156.57.184, is located in the Republic of Korea. Other than the poor joke, the site serves various exploits which you can view in this Wepawet report. ...

As announced last Friday, Microsoft released 16 security bulletins on the October Patchday. They fix security vulnerabilities in various Windows operating systems and components like Internet Explorer, Windows Kernel, .Net frameworks, and Microsoft Office. Affected are all operating systems from Windows XP to Windows Server 2008 R2. Office needs to be updated from version XP to 2010 – also the Mac OS flavours. The patches fix critical rated vulnerabilities in Internet Explorer 6 to 8. ...

Usually I have to wonder how much inventiveness the spammers and Phishers show. But, from time to time, it is funny to see some really stupid Phishing attempts. I do hope that nobody is falling for these puny attempts to fake Paypal we found today. The email below is being sent with a German subject line and it is pretending to come from a German mail address, but the mail itself is written in English and it is allegedly pointing to paypal.com instead of paypal.de. ...

During the weekend our spamtraps received large amounts of emails pretending to come from Twitter. This time, the social engineering twist lies within the subject of the email: It is “You have 2 urgent messages from Twitter!”, creating psychological pressure by some kind of emergency within in the social surroundings of Twitter users. This way the spammers try to increase the rate of the users that are opening the email and click on the links. ...

The Redmond company today announced that it plans to release 16 security bulletins on coming Tuesday, Microsoft’s official monthly Patchday in October. Never before Microsoft released so many security bulletins on a Patchday. Four of these security bulletins are rated critical by the company. Thus they allow attackers to inject malicious code into computers without user interaction. Ten get the rating important, and another two are rated moderate. Affected are all supported Windows operating systems from Windows XP to Windows 7 as well as Windows Server 2003 and 2008 – not only the 32-bit flavours, but also the 64-bit versions. Also, all Microsoft Office Versions starting from Office XP are vulnerable, including Office for Mac. ...

Hmmm. That’s not what the source code says We started out the day fat fingering the spelling of “youtube.com” and ended up at the typo squatting site behind the URL “youube.com.” youube.com redirects you to http://youtube.com-prizes.com – obviously a URL intended to make you think it’s really YouTube. Like so many of these “survey” scam web sites, the offer was available “today only: Thursday, October 7, 2010.” Obviously, this is to add a little bit of sales pressure to make a visitor go for the prize ASAP, or at least before midnight. ...

Our friend in the UK got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen: (Twitter apparently is filtering this URL at this point.) The link led to a phishing page that used the deceptive tactic of showing an error message: “Wrong Username/Email and password combination.” You login, it steals your Twitter password, sends the above Tweet to all your contacts and continuing rounding up passwords. ...

How does one say in French: “We’re gonna make an example out of you, boy” The Toronto Sun is reporting that convicted spammer Adam Guerbuez of Montreal has been ordered to pay $1 billion to Facebook by Quebec Superior Court. The court was upholding a U.S. Federal court fine that resulted from a wave of four million spam ads sent to Facebook users in 2008. Guerbuez did not contest the Sept. 28 Quebec Superior Court ruling. ...