The past week's dominant IT security news included the emergence of Duqu, a new worm that apparently shares code with Stuxnet. More details emerged about a 2010 hack of the Nasdaq board of directors' Web communications.
Symantec set the tone for the week when it released information about Duqu, a sophisticated worm found in the wild that appeared to share portions of its code with the Stuxnet worm. Duqu turned out to be two separate programs, with one module based on Stuxnet and the other module designed to be a keylogger and steal information from the infected machine. Researchers are still analyzing the worm, but McAfee researchers raised troubling questions about how the developers had obtained fraudulent digital certificates to enable stealthy distribution of the malware.
Even though there were initial concerns that Duqu was also targeting industrial control systems, Kaspersky Lab researchers pointed out there was not enough information at this time to determine what kind of systems Duqu is targeting. Duqu also doesn't appear to have any self-replication capabilities, nor does it exploit any zero-day vulnerabilities. But researchers are still trying to find the initial installer. "Each day that passes and this is undiscovered makes it easier for the bad guys to continue the operation," said Roel Schouwenberg, a senior researcher at Kaspersky Lab.
New details have come out from the ongoing investigation into last year's attack on the Nasdaq stock exchange. It appears that when attackers breached the Director's Desk Web application, they not only gained access to data stored in the system, but also managed to install monitoring software that was able to eavesdrop on "scores" of directors' communications. The application was used by board directors to discuss information relating to the company's financial performance and other intellectual property.
McAfee finally unveiled two products based on the DeepSafe technology it worked on with Intel at its Focus 11 conference this week. Ever since the acquisition closed in February, observers have been waiting for Intel and McAfee to release hardware-based security products. The Deep Command and Deep Defender products are the first chip-based security tools designed to detect malware such as rootkits that attack below the operating system.
Researchers uncovered two security issues with the Apple iPhone this week. The first issue was with Siri, the newly unveiled voice-activated personal assistant for the iPhone. Even if a user has the phone locked with a passcode, an unauthorized user can perform a variety of tasks, including scheduling appointments, making phone calls and sending messages, just by activating Siri and speaking commands, according to a Sophos researcher.
The second issue is actually not unique to the iPhone, but involves any modern smartphone with an accelerometer. A team of researchers from MIT and Georgia Tech found that the accelerometer is sensitive enough to detect vibrations from a user typing on a keyboard nearby and figure out what the user is typing. The likelihood of anyone using this keylogger technique to eavesdrop on users is fairly low, but the researchers' revelation highlighted how attackers can use smartphones' features in unexpected ways.
Google took a step toward making Web surfing safer for all users by making the secure HTTPS protocol the default for all searches this week. The company's senior vice president Vic Gundotra also blasted Facebook for over-sharing user information on Social Apps, where user activity from other applications is published for other users to see.