Showing posts with label microsoft. Show all posts

20100914

Stuxnet

Stuxnet is a new piece of malware that is spreading widely through the use of USB flash drives. It is starting to be quite a danger, especially in industrial plants, and many in the security business are getting very nervous. What follows is an FAQ about the Stuxnet malware.

How does Stuxnet spread?

Stuxnet spreads through USB devices. A recently discovered Microsoft Windows vulnerability allows a program to run when a user merely browses to a folder that contains a shortcut to it, or ".lnk" file. Once the worm runs, it checks whether the computer is running software created by Siemens, a company whose products are very popular in certain industries. If so, the worm installs itself on the victim computer. It infects all removable media subsequently connected to the computer and installs a rootkit, a very sophisticated type of software that deletes all record of the worm existing on the computer. After that, the worm continues to steal as much data as possible from the computer and transmit it back to a remote location.
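Because the entry point described above is a shortcut file sitting on removable media, a basic triage step is to inventory every shortcut on a drive before anyone browses it on a sensitive machine. The sketch below is an added example, not part of the original post and not a Stuxnet detector: it recognizes shortcuts by their file header rather than by name, so a shortcut saved under another extension is still listed. The function names and sample files are made up for illustration.

```python
import os
import struct
import tempfile

# Shell Link header (Microsoft's published .lnk format): 4-byte size 0x4C,
# then the 16-byte link class identifier, then a 4-byte flags field.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo",
         0x20: "HasArguments", 0x40: "HasIconLocation"}

def link_flags(data):
    """Flag names if data begins with a Shell Link header, else None."""
    if len(data) < 0x4C or data[:20] != LNK_MAGIC:
        return None
    (bits,) = struct.unpack_from("<I", data, 20)
    return [name for bit, name in FLAGS.items() if bits & bit]

def audit_media(root):
    """List shortcuts on a mounted volume, judged by content and by name."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    flags = link_flags(fh.read(0x4C))
            except OSError:
                continue  # unreadable entry: keep sweeping the rest
            is_named_lnk = name.lower().endswith(".lnk")
            if flags is not None:
                kind = "shortcut" if is_named_lnk else "shortcut-wrong-extension"
            elif is_named_lnk:
                kind, flags = "lnk-name-bad-header", []
            else:
                continue  # ordinary file, nothing to report
            findings.append((os.path.relpath(path, root), kind, flags))
    return findings

def demo():
    """Run the audit over constructed sample files (not real shortcuts)."""
    def header(bits):
        return LNK_MAGIC + struct.pack("<I", bits) + bytes(0x4C - 24)
    samples = {"report.lnk": header(0x41), "cache.dat": header(0x01),
               "broken.lnk": b"not a link", "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_media(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A listed shortcut is not proof of infection; the output is an inventory for an analyst to review on an isolated workstation.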

What does Stuxnet do?

Stuxnet is considered by many people to be the first-ever "control system" malware. What this means is that it has the capability of infecting control systems for large companies and factories that use software created by Siemens. Unfortunately, this software is very widely used, especially in large industrial manufacturing organizations, small and large utilities, and even defense systems. In one case it was found that this software could infect nuclear-powered aircraft carriers.

How widespread is Stuxnet and where is it most common?

At the moment Stuxnet is not that widespread. It is most common in India, Indonesia, Iran, Pakistan, Afghanistan, the United States, and Malaysia, in that order. However, it has the potential to spread very rapidly. It only affects computers running Siemens software, but computers without that software can still act as "carriers," infecting other removable media that is inserted into them. Other countries have seen infections, but mostly they have been localized and have not caused any damage so far.
 
How dangerous is Stuxnet?

This is always the big question with a large virus outbreak. Right now Stuxnet is not that dangerous. Unfortunately, it is targeted at "Control Systems." Siemens is best known for making software for sophisticated systems used in areas such as the military, large industrial plants, and utility plants. If any of these were to be infected, the damage could be irreparable. The infection is clearly tailored to steal confidential information and possibly shut down "smart grids." Therefore, while it is not a danger to consumers, any large corporation or plant must be very careful to avoid this infection.

20100209

Novell problems and why you should probably stick with Active Directory

Working for an institution that amazingly loves Novell (that is, the old guys love Novell while we young guys would love to see it go away), I have learned a thing or two. Novell is buggy, unreliable, horrible, and hates change. Some companies should go the way of the dinosaurs and just go extinct. Novell was founded in 1979 as Novell Data Systems Inc. They started as a computer manufacturer and DOS maker. Novell has acquired many consulting firms and software firms over the years and even made a few deals with Microsoft. This is great, and for a company to stick around this long is also amazing; there are only a few software companies that can maintain for so many years. Novell’s background isn’t the problem; Novell is Novell’s problem.
Let’s get a few things straight first: I am in no way a complete fan of any OS or software company, nor have I ever worked for one. My personal experiences and troubleshooting are what give me these perspectives. I have only dealt with Novell since Windows 2k but have worked with it through XP, 2000 and now Windows 7.

Some of our main problems have stemmed from Novell authentication and hindered our use of other devices like the Fortinet. Novell's ZENworks imaging engine worked for maybe a full 24 hours before one of the admins had to rebuild it. After rebuilding it every day for about two weeks, we’ve decided to use Clonezilla (http://Clonezilla.org). Novell’s authentication errors have caused many of our PCs to take close to 30 minutes to log in. Our software/hardware inventory program was, at its greatest, 2 weeks behind in reporting. Novell’s Windows 7 client is a joke and hardly works, if it works at all. Imaging Windows 7 computers has been fun, but when I install the Novell client it becomes a headache.

I will give in and say our Novell tree structure isn’t the greatest, but a lot of the problems with it could have been prevented if Novell wasn’t so horrible. Changing our tree or fixing the current issues is such a hassle that no one wants to take on the challenge of correcting them.

Personally, my feelings are that AD is a much better utility and much easier to manage. Active Directory is just so much better when it comes to creating and deleting anything. Novell is all over the place when it comes to file placement. Active Directory is a little smarter, more intelligent; it'll put files together instead of all over the disk or shares.

I would love to see Novell go the way of the dinosaur or the way of the Ford Pinto rather.