Showing posts with label IT Security.

20100914

Stuxnet

Stuxnet is a recently discovered worm that spreads mainly through USB flash drives. It is becoming a real concern, particularly in industrial plants, and many in the security business are nervous about it. What follows is an FAQ about the Stuxnet malware.

How does Stuxnet spread?

Stuxnet spreads primarily through USB devices. It abuses a recently discovered Microsoft Windows vulnerability in the handling of shortcut (".lnk") files (CVE-2010-2568, fixed by the MS10-046 update): Windows loads code from the shortcut's target just to draw the shortcut's icon, so merely browsing to a folder that contains a malicious shortcut, in Explorer or any program that displays icons, is enough for the worm to run. No double-click is needed. Once running, the worm installs itself on any Windows computer, infects any removable media later connected to it, and installs a rootkit, a kernel driver that hides the worm's files and activity from the user and from most tools. It then checks whether the computer is running Siemens industrial software (the SIMATIC WinCC and Step 7 products used to program and supervise control systems), which is very popular in certain industries; only on such machines does it deliver its real payload. It also collects information about the infected system and sends it back to a remote command-and-control server. USB is not its only route: later analysis showed that it also spreads across local networks and through infected Step 7 project files, so locking down USB ports alone is not a complete defence.
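The shortcut trick is easy to triage once you know the file layout. The following Python script is an added example for this post, not Stuxnet code and not a vendor tool: it parses the public MS-SHLLINK structure of a .lnk file and flags the combination that characterised the exploit shortcuts, a Control Panel folder item followed by a path to a DLL/CPL/TMP module that the shell would load to render the icon. The two sample shortcuts are constructed in memory, not files from the wild, and the suffix list is an assumed heuristic, not a signature.

```python
"""Heuristic triage of Windows shortcut (.lnk) files for the icon-loading
pattern behind CVE-2010-2568, the flaw Stuxnet used on USB media.
Added example for this post; it is not Stuxnet code and not a vendor tool.
Field layout follows Microsoft's public MS-SHLLINK format; the two sample
shortcuts at the bottom are constructed in memory, not files from the wild.
"""
import struct
import uuid

HEADER_SIZE = 0x4C                                  # fixed size of ShellLinkHeader
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
MY_COMPUTER_CLSID = uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D").bytes_le
HAS_LINK_TARGET_ID_LIST = 0x00000001                # LinkFlags bit 0
RISKY_SUFFIXES = (b".dll", b".cpl", b".tmp")        # assumed heuristic: what exploit shortcuts pointed at


def parse_id_list(blob, offset):
    """Return the payload of each ItemID in the LinkTargetIDList at offset."""
    (id_list_size,) = struct.unpack_from("<H", blob, offset)
    pos, end = offset + 2, offset + 2 + id_list_size
    if end > len(blob):
        raise ValueError("IDListSize runs past end of file")
    items = []
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", blob, pos)
        if item_size == 0:                          # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(blob[pos + 2:pos + item_size]) # ItemIDSize counts its own 2 bytes
        pos += item_size
    return items


def triage_lnk(blob):
    """Parse one shortcut and flag the Control Panel item + DLL/CPL target combination."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", blob, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link")
    report = {"control_panel_item": False, "risky_target": None}
    if flags & HAS_LINK_TARGET_ID_LIST:
        for item in parse_id_list(blob, HEADER_SIZE):
            if CONTROL_PANEL_CLSID in item:
                report["control_panel_item"] = True
            low = item.lower()                      # paths may be ANSI or UTF-16LE
            for suffix in RISKY_SUFFIXES:
                if suffix in low or suffix.decode().encode("utf-16-le") in low:
                    report["risky_target"] = suffix.decode()
    # Ordinary shortcuts rarely combine a Control Panel folder item with a loadable module.
    report["suspicious"] = report["control_panel_item"] and report["risky_target"] is not None
    return report


def build_lnk(items):
    """Assemble a minimal shortcut: header plus LinkTargetIDList (constructed test data)."""
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, HAS_LINK_TARGET_ID_LIST)
    header += b"\x00" * (HEADER_SIZE - len(header))  # remaining header fields left zero
    id_list = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
    return header + struct.pack("<H", len(id_list)) + id_list


# Constructed samples: an ordinary shortcut to a document, and one shaped like the
# exploit (My Computer -> Control Panel -> path to a DLL the shell would load for its icon).
BENIGN_LNK = build_lnk([b"\x1f\x50" + MY_COMPUTER_CLSID,
                        b"\x32\x00" + b"report.docx\x00"])
EXPLOIT_SHAPED_LNK = build_lnk([b"\x1f\x50" + MY_COMPUTER_CLSID,
                                b"\x1f\x00" + CONTROL_PANEL_CLSID,
                                b"\x00\x00" + "E:\\loader.dll".encode("utf-16-le") + b"\x00\x00"])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("exploit-shaped", EXPLOIT_SHAPED_LNK)):
        print(name, triage_lnk(blob))
```

Run it over every .lnk on a drive you are about to plug into an engineering workstation; a hit is a reason to image the drive, not to open the folder. The check is a heuristic, so treat it as a triage aid alongside the MS10-046 update rather than a replacement for it.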

What does Stuxnet do?

Stuxnet is widely considered the first piece of malware written specifically to attack industrial control systems. It targets the Siemens software used to program and supervise the programmable logic controllers (PLCs) that run equipment in factories and plants. Unfortunately, that software is very widely used: in large industrial manufacturers, in utilities of every size, and even in defence systems. It has even been reported that the same software runs aboard nuclear-powered aircraft carriers.

How widespread is Stuxnet and where is it most common?

At the moment Stuxnet is not that widespread. It is most common in India, Indonesia, Iran, Pakistan, Afghanistan, the United States, and Malaysia, in that order. However, it has the potential to spread very rapidly. Its control-system payload only activates on computers running Siemens software, but every other infected Windows computer still acts as a "carrier", infecting any removable media inserted into it. Other countries have seen infections, but mostly they have been localized and have not caused any damage so far.
 
How dangerous is Stuxnet?

This is always the big question with a large virus outbreak. Right now Stuxnet is not that dangerous to the general public. Unfortunately, it is targeted at control systems. Siemens is best known for the software and controllers behind sophisticated systems in the military, large industrial plants, and utilities. If any of these were infected, the damage could be irreparable. The infection appears tailored to steal confidential information and possibly to disrupt "smart grids". Therefore, while it is not a danger to consumers, any large corporation or plant must be very careful to avoid this infection: apply the MS10-046 update, and restrict and audit the use of removable media on engineering workstations and on any machine that runs the Siemens software.

20100301

Scams, Spam and Facebook?

In this post, I want to warn you of the dangers of spam and scams.

"Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately."

Spam fills your inbox with offers of cheap meds, cheap sex, cheap travel and all kinds of other stuff. I have to be honest: if I responded to every one of the spam emails I got, I'd be broke. I would have my identity stolen. I would probably have a stockpile of sugar pills and vacation after vacation in the ghettos of Mexico and other places.

What I really want to make you aware of is the scam side of spam. Subject lines like "I've got a message for you" or "Is this you?" exist only to get you to open the mail and read the ad inside. The scam comes when the message plays on sympathy, with appeals such as "Help Haiti" or "Help Chile". Click the link and you may land on a page that installs viruses and trojans, and the card details you enter to "donate" go straight to the scammers. The best guideline for spam: don't open email if you don't know who it is from. The "From" line of your mailbox is like the peephole in your front door; if you don't know the person knocking, you simply don't let them in. Remember, though, that the name shown in the "From" line can be forged, so look at the actual address, and at where a link really goes, not just at the name or the link text.

Here is where I get to talk a little about the new Facebook scams going on. The newest spam/scam is made to look like it comes from your friends: you get a nice little invite in your message folder that appears to be from a friend, and the message says "Click here to RSVP." Clicking the link takes you to another website that tries to infect your computer. Again, the best prevention is not to click. Nine times out of ten, a person will tell you about an event before it appears on Facebook. If you don't know about it, don't click on it.
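The two scams above share the same anatomy: a display name and link text that claim one site while the real sender and link addresses belong to another. The script below is an added example for this post, not the author's code and not any mail provider's filter. It parses a message with Python's standard library and reports three mismatches: a brand name in the "From" display name that the sender's domain does not back up, a Reply-To that goes to a different domain than the From address, and anchor text that shows one site while the href points to another. The message is constructed for the example, and the domain comparison is deliberately simple (last two labels of the hostname, no public-suffix list), which is an assumption to replace in real use.

```python
"""Triage a message shaped like the 'friend invite' scam: the display name and
anchor text claim one site while the real addresses point somewhere else.
Added example for this post, not the author's code; the sample message is
constructed, and registered_domain() is a deliberate simplification."""
import email
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a captured spam.
RAW_MESSAGE = """\
From: "Facebook" <events@fb-invites-rsvp.example>
Reply-To: rsvp@mailer-collect.example
Subject: Jane invited you to an event
Content-Type: text/html; charset=utf-8

<html><body>
<p>Jane invited you to "Saturday BBQ".</p>
<p><a href="http://login.fb-invites-rsvp.example/rsvp?u=1">http://www.facebook.com/events/</a></p>
<p><a href="http://www.facebook.com/help">Help</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'site' name: last two labels of a hostname (assumption, not a public-suffix lookup)."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""


def triage_message(raw, trusted=("facebook.com",)):
    """Return a list of findings; an empty list means nothing looked wrong."""
    msg = email.message_from_string(raw, policy=default)
    findings = []

    # 1. A brand in the display name that the sender's own domain does not back up.
    sender = msg["From"].addresses[0]
    sender_dom = registered_domain(sender.domain)
    brands = [t.split(".")[0] for t in trusted]
    if any(b in sender.display_name.lower() for b in brands) and sender_dom not in trusted:
        findings.append(f"display name '{sender.display_name}' but sender domain is {sender_dom}")

    # 2. Replies silently routed to a different domain than the visible sender.
    if msg["Reply-To"] is not None:
        reply_dom = registered_domain(msg["Reply-To"].addresses[0].domain)
        if reply_dom != sender_dom:
            findings.append(f"Reply-To domain {reply_dom} differs from From domain {sender_dom}")

    # 3. Link text that shows one site while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_dom = registered_domain(urlparse(href).hostname)
            shown = registered_domain(urlparse(text).hostname) if text.startswith("http") else ""
            if shown and shown != href_dom:
                findings.append(f"link text shows {shown} but the link goes to {href_dom}")
    return findings


if __name__ == "__main__":
    for finding in triage_message(RAW_MESSAGE):
        print("WARN:", finding)
```

None of these checks proves a message is malicious on its own; a legitimate newsletter can use a mailing vendor's Reply-To. Together, though, they catch the pattern the post describes, and any one of them is reason enough to follow the advice above and not click.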


Below are a few guidelines, taken from http://www.usaaedfoundation.org/pdf/572.pdf:

How can you have fun online while protecting yourself?

-Do not post information that will identify you, including:

● Your full name.

● Your home address or phone number.

● Your Social Security number.

● Passwords.

● Credit card or bank account numbers.

● Names of family members or friends.

● Your workplace or favorite hangout.

● Names of clubs or organizations to which you belong.

● Historical information that could identify your past residences.

● Do not use a nickname that can be used to identify you (for example, “CharlestonLawyer,” “CindyFromTulsa” or “KyWildcatMom”).

● Never share your account password.

-Protect Your Computer System

● Consider using encryption to protect your personal information.

● Shut down your computer when it is not in use — especially in public places, such as Internet cafes, coffeehouses or airports.

● Keep your antivirus and antispyware programs, other software and operating systems updated to protect against new attacks.

● Consider using a firewall on your system to protect against hackers accessing your system remotely.

● Think about how your e-mail message will be read by others. Do not say anything online that is cruel or may damage someone’s reputation. Doing so puts you at risk of being accused of slander or defamation, or may cause a dangerous escalation of hostilities.

● Do not give out personal information about someone else.

● Do not forward another individual’s e-mail without their permission.

● Never allow anyone to photograph you in an embarrassing or compromising situation.

● Never post anything that would cause you embarrassment or shame. The Internet is the most public of forums — once you have posted a comment, a photo or a video, it cannot be erased or taken back. You cannot control its duplication and it may be used against you.

● Do not send photos of yourself or family members to Internet acquaintances. Photos can be altered and sent to others, and elements in photos — a landmark or a street name, for example — can be used to identify your location.

● Remember that, once posted, the information can be seen by anyone with a computer and an Internet connection: family and friends, employers or potential employers, admissions officers at schools you might like to attend — even police and other law-enforcement authorities.



Following these guidelines and taking to heart what I have written here are small steps that will have a big effect on keeping you, your computer and your family safe from scams, spam and Facebook.

20100205

Fortinet Utilization

For those of you who don't know, I work for a school district in Columbia, SC. The Children's Internet Protection Act (http://www.fcc.gov/cgb/consumerfacts/cipa.html) requires us to filter our Internet connection. When I started about 8 months ago we decided to switch from Smart Filter monitoring to Fortinet. As the Security Admin, this was of course my task. Smart Filter, known to most of us as Bess, was not functioning properly and, quite frankly, was a piece of junk. Smart Filter runs from a server, in our case a Windows Server 2003 machine. The device logs were inaccessible when I came in, and it was difficult even to log into the machine. We did away with that device and sprang for the Fortinet equipment: two FortiGuard boxes and a nice new FortiAnalyzer box. These are dedicated physical devices that do not run a Windows-based operating system. The two FortiGuard devices operate in failover mode, so we have one as a backup if the other box has a problem.


I was a bit skeptical that a physical device could handle the traffic we see daily. This device is a firewall, Internet filter, IPS/IDS, VPN router, proxy, packet shaper and endpoint solution manager. It seemed a lot for one device to handle all of these; I was, of course, proved wrong. Immediately during installation we were able to stop using our Packeteer, saving us the task of troubleshooting it. Installation was easy, with our vendor coming in to help us. Our connection was down for about 10 minutes total.

We started off slowly, letting the FortiGuard handle the packet shaping and filtering. We had to enter about 30 custom entries. In the following months we turned on the proxy server, which yielded a constant 20% traffic reduction on our WAN line. We are in the process of changing from Cisco ASA firewalls to the FortiGuard system. I am currently testing the FortiClient endpoint antivirus, which seems to be pretty powerful.

Fortinet customer support is amazing; they offer web chat and toll-free phone support. We have had minimal problems with this device (I'll go over those, and how to troubleshoot them, in a separate post). This is a great device, and I recommend it to anyone in the security field who is looking to save money and have a reliable piece of equipment. Currently we are utilizing only 40% of the CPU and 29% of the memory; that's pretty good for 13,000 computers and about 500 servers.