Stuxnet Update, I2P Botnet, and BGP Hacking
Do you have too much to do to follow information security news? Or maybe you feel overwhelmed by so much security news (I sure do) that you don’t know which news is most important. In either case, I’m here to summarize the important stuff for you in my weekly Infosec summary video.
Today’s show talks about a sneaky new botnet and its C&C channel, the latest Stuxnet research, a few important credential breaches, and an Internet-wide man-in-the-middle (MitM) attack that leveraged BGP issues. Watch the episode below for all the details… and if you are hungry for more security news, be sure to check out the other stories in the Reference section.
Show note: We will be skipping next week’s episode due to the US holiday weekend. Have a great Thanksgiving, and don’t get trampled on Black Friday!
(Episode Runtime: 9:40)
Direct YouTube Link: http://www.youtube.com/watch?v=hKegyeVs0cQ
Episode References:
- New botnet called I2Ninja uses I2P darknet as C&C Channel – Trusteer
- Latest Stuxnet research shows an earlier and stealthier variant [PDF] – Langner.com
- Hackers breach vBulletin forum pages – Ars Technica
- No proof yet of vBulletin related 0day – Softpedia
- Attackers brute force GitHub login – Github
- Github bans weak passwords – PC World
- Renesys warns of BGP-based Internet Man-in-the-Middle (MitM) attacks – Renesys
Extras:
- Cupid Media suffered a credential leaking data breach – Threat Post
- Exiled hacker finds inappropriate material on Syrian secret police computers – Forbes
- “Free” Bitcoin generator leads to malware – Help Net Security
- US Navy worried about BadBIOS-like hacks – SFGate
- Attackers are exploiting a JBoss vulnerability – Computer World
- Jeremy Hammond, the Lulzsec Stratfor hacker, gets a decade in jail – The Register
- Targeted attacks exploiting a 0day in Japanese software – The Register
- Linus Torvalds' dad says the NSA asked for a backdoor in Linux – Vr-zone
- Dread Pirate Roberts tried to assassinate six people? – Krebs on Security
- UK police decided to pay the Cryptolocker ransom (bad form) – The Guardian
- The game company with the sneaky Bitcoin mining feature is fined – IT Pro Portal
- Researchers find lots of flaws in criminal exploit kits – ZDNet
- Cryptolocker charges less due to Bitcoin’s skyrocketing value – F-Secure
— Corey Nachreiner, CISSP (@SecAdept)
Alexander Kushnarev says
I had never previously analyzed the abilities of the Stuxnet Mark I and Mark II modifications. After reading the PDF provided by the link in this episode – I was really amazed by the malicious power of it.
Just imagine – how many malware writers would it take to include such abilities in the code of one malware instance? Stuxnet can:
– be hidden on the systems to a sufficient extent;
– infect SCADA management PCs;
– interact with SCADA management software;
– “play” with centrifuges using the “knowledge” of the particular centrifuge system;
– evade the control of sensors somehow;
– and control options so as not to create an immediate critical breakdown.
All these functions should be optimized, part of the code should be obfuscated, and the malware itself should be as small as possible…