A who's who of Mideast-targeted malware

What's up with all the malware aimed at the Middle East?

For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known …

New Kaspersky appeals to your cash sense

A safer way to conduct online transactions and a new exploit blocker are the keystones to Kaspersky Lab's 2013 security suites, the company announced today.

The major new feature that's in both Kaspersky Internet Security 2013 (download exclusively from Download.com today) and Kaspersky Anti-Virus 2013 (download) is the exploit blocking engine called Automatic Exploit Prevention. It's a response to the increase in the number of phishing attacks and includes an anti-phishing engine -- similar to the antivirus and anti-malware engines -- that updates daily.

Roel Schouwenberg, a senior antivirus researcher at Kaspersky and founding member of …

Behind the 'Flame' malware spying on Mideast computers (FAQ)

The Flame worm that has targeted computers in the Middle East is being called "the most sophisticated cyberweapon yet unleashed" by Kaspersky Lab researchers who discovered it. Lurking on computers for at least five years, the malware has the ability to steal data, eavesdrop on conversations, and take screen captures of instant message exchanges, making it dangerous to any victim. But a possible link to malware found on computers in Iran's oil sector has experts saying it's got to be the work of a nation-state.

CNET talked with Roel Schouwenberg, senior researcher at Kaspersky, the company …

Flame: A glimpse into the future of war

If you roll your eyes at the term "Digital Pearl Harbor," you have my sympathy. We've been warned about the specter of an enemy attack via bits and bytes for several decades, with no real evidence that this is a realistic possibility and not mere hype.

Still, a new worm that's been spying on infected computers in the Middle East has been called a "cyberweapon," and while we're not talking outright combat, it's clear that malware is increasingly playing a part in geopolitical diplomacy and conflict.

This week brought news of not …

Microsoft fixes Duqu hole, but not BEAST problem

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.

MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch …

Microsoft patches critical Windows bug, but not Duqu flaw

Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.

The most serious of the updates is MS11-083, which could allow an attacker to take over a computer by sending a large number of malicious UDP packets to a closed port on a target system, the Patch Tuesday security bulletin said. It plugs a vulnerability in the TCP/IP stack in Windows 7, Vista, and Server 2008.

"Since this vulnerability does not require any user interaction or authentication, …

Microsoft issues temporary fix for critical Windows hole

Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.

The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers via a Word document.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the advisory warned. "The attacker could then install programs; view, change, …

Zero-day Windows kernel bug used in Duqu infections

Researchers have figured out one way the Stuxnet-like Duqu Trojan is infecting computers--via a Word document that exploits a previously unknown Windows kernel bug.

The installer file is a Microsoft Word document that exploits the kernel vulnerability, which allows code to be executed on the infected system, Symantec said in a post on its site. There may be other infection methods used by other Duqu variants that have not been uncovered yet, Kevin Haley, a director with Symantec Security Response, told CNET.

Microsoft is working on a fix, according to Jerry Bryant, group manager for response communications at Microsoft Trustworthy …

New data-stealing Trojan could be Stuxnet version 2.0

Malware has been discovered on computer systems in Europe that has identical code to the Stuxnet worm and could be the precursor to the next big computer attack on critical infrastructure systems, Symantec said today.

Unlike Stuxnet, which targeted specific Siemens SCADA (supervisory control and data acquisition) software and appeared to have been written to sabotage Iran's nuclear program, the new malware installs a backdoor and is designed to gather information, like design documents, that could be used in future attacks, Symantec said.

The malware, written to run on Windows systems, is dubbed Duqu because it creates file names …