Duqu Worm, Nasdaq Spying Lead Week's Security News
Symantec set the tone for the week when it released information about Duqu, a sophisticated worm found in the wild that appeared to share portions of its code with the Stuxnet worm.
Duqu turned out to be two separate programs, with one module based on Stuxnet and the other module designed to be a keylogger and steal information from the infected machine. Researchers are still analyzing the worm, but McAfee researchers raised troubling questions about how the developers had obtained fraudulent digital certificates to enable stealthy distribution of the malware.
Even though there were initial concerns that Duqu was also targeting industrial control systems, Kaspersky Lab researchers pointed out there was not enough information at this time to determine what kind of systems Duqu is targeting. Duqu also doesn't appear to have any self-replication capabilities, nor does it exploit any zero-day vulnerabilities. But researchers are still trying to find the initial installer. "Each day that passes and this is undiscovered makes it easier for the bad guys to continue the operation," said Roel Schouwenberg, a senior researcher at Kaspersky Lab.
New details have come out from the ongoing investigation into last year's attack on the Nasdaq stock exchange. It appears that when attackers breached the Director's Desk Web application, they not only gained access to data stored in the system, but also managed to install monitoring software that was able to eavesdrop on "scores" of directors' communications. The application was used by board directors to discuss information relating to the company's financial performance and other intellectual property.
At its Focus 11 conference this week, McAfee finally unveiled two products based on the DeepSafe technology it worked on with Intel. Ever since the acquisition closed in February, observers have been waiting for Intel and McAfee to release hardware-based security products. The Deep Command and Deep Defender products are the first chip-based security tools designed to detect malware such as rootkits that attack below the operating system.
Researchers uncovered two security issues with the Apple iPhone this week. The first issue was with Siri, the newly unveiled voice-activated personal assistant for the iPhone. Even if a user has the phone locked with a passcode, an unauthorized user can perform a variety of tasks, including scheduling appointments, making phone calls and sending messages, just by activating Siri and speaking commands, according to a Sophos researcher.
The second issue is actually not unique to the iPhone, but involves any modern smartphone with an accelerometer. A team of researchers from MIT and Georgia Tech found that the accelerometer is sensitive enough to detect vibrations from a user typing on a keyboard nearby and figure out what the user is typing. The likelihood of anyone using this keylogger technique to eavesdrop on users is fairly low, but the researchers' revelation highlighted how attackers can use smartphones' features in unexpected ways.
Google took a step toward making Web surfing safer for all users by making the secure HTTPS protocol the default for all searches this week. The company's senior vice president Vic Gundotra also blasted Facebook for over-sharing user information on Social Apps, where user activity from other applications is published for other users to see.