ESET Threat Blog

I just came across a post from The H telling us that US government warns of potential Stuxnet variants. Of course, concern about the availability and possible portability of the code is hardly a new concern, but it turns out the article refers to a "Statement for the Record" to the (deep breath) United States House … Read More…

I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4.
A recent report in Wired gives … Read More…

Earlier this year I delivered a presentation at Infosec Europe on SCADA issues, a topic that's come up a lot in my articles here.
There isn't a paper to go with that presentation, but the barebones slide deck on the ESET white papers page has now been replaced with a version – Infrastructure Attacks: The Next … Read More…

In fact, the main point of the article I just sent up to SC Magazine's Cybercrime Corner, "Stuxnet: Paradigms Lost and Paradise Regained" is that the 'next Stuxnet' probably won't be any such thing, whatever we may choose to call it.
Stuxnet was certainly a warning, but the message is a bit less dramatic than a … Read More…

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today:
A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)
Eugene Kaspersky … Read More…

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database.
One aspect that's attracted attention on specialist lists is the mention of a large US power company that … Read More…

Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945.

Myriam Dunn Cavelty at Parliamentary Brief Online (29 October 2010): The real cyberwar is about beating the crooks and the spooks
Myriam Dunn Cavelty and Oliver Rolofs for Munich Security Conference: MSC Booklet Paper: From Cyberwar to Cybersecurity: Proportionality of Fear and Countermeasures

Hat tip to @vmyths, … Read More…

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011:
Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher.
As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!)
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
jQuery(document).ready(function($) { window.setTimeout(‘loadLinkedin_6259()’,1000);window.setTimeout(‘loadFBLike_6259()’,1000);window.setTimeout(‘loadGoogle1_6259()’,1000);window.setTimeout(‘loadGBuzz_6259()’,1000);window.setTimeout(‘loadTwitter_6259()’,1000); }); function loadLinkedin_6259(){ jQuery(document).ready(function($) { … Read More…

Some extra resources:

J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV
While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I have to … Read More…

The February ThreatSense Report is now available from the ESET Threat Center. As well as the top ten threats reported globally by our ThreatSense.Net telemetry, it includes feature articles from Josep Albors and Urban Schrott, as well as some shorter news items:

From Russia with spam (Josep Albors)
Misplaced trust in trustworthy names? (Urban Schrott)
Nothing exceeds like … Read More…