Communications of the ACM
Stuxnet Tricks Copied By Computer Criminals
A portion of code from the Flame malware.
Credit: AP/Sebastian Widmann
Security researchers warn that the techniques used in sophisticated, state-supported malware are being used by less-skilled programmers to target Web users.
State-backed malware often targets previously unknown software vulnerabilities, known as zero-days, and their methods can be quickly copied by other programmers, notes Kaspersky Lab researcher Roel Schouwenberg. For example, Stuxnet recently installed fake device drivers using digital security certificates stolen from two Taiwanese computer component companies, allowing them to get past any security software. Now, other malware are using fake certificates in a similar way to hide malicious software from antivirus programs.
"Stuxnet was the first really serious malware with a stolen certificate, and it's become more and more common ever since," Schouwenberg says.
Kaspersky researchers now are studying Flame's modular design, which makes it harder for security companies to track a specific piece of malware. Security researchers say Flame may be the most advanced malware yet developed. "I think we will definitely see more of that [modular] approach," Schouwenberg says. "It provides an up-sell opportunity for these guys if they can sell something, and then offer upgrade kits to improve it later."
From Technology Review
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found