Kaspersky says Sality and Stuxnet are no surprise

According to Vyacheslav Zakorzhevsky, Kaspersky's senior virus analyst and author of the monthly review, cybercriminals are usually very quick to release exploits when new vulnerabilities are discovered.

"The fact that huge numbers of users fail to update their software on a regular basis only encourages them", he said, adding that the extensive media coverage afforded to Stuxnet has only served as an advertisement for the vulnerabilities used by various cybercriminal groups.

Kaspersky's early-October review is billed as showing that the onset of autumn has brought with it advances in the Sality virus and an increase in the number of adware programmes on the web.

The IT security vendor says that the new variant of the Sality virus – known as Sality-bh – was found to be particularly widespread on users' computers.

Sality-bh is a newcomer to the charts, rising to 11th position. It is being spread by Trojan-Dropper.Win32.Sality.cx, which exploits a vulnerability in Windows LNK files.

Kaspersky reports that this is the first detected zero-day vulnerability to be used by the now infamous Stuxnet worm. This same vulnerability, the vendor goes on to say, was exploited by Trojan-Dropper.Win32.Sality.r back in August. Furthermore, the geographical distribution of the droppers in question mirrors that of the Stuxnet worm, both of them appearing most often in India, followed by Vietnam and then Russia.

In addition, says Kaspersky, a total of seven AdWare.Win32 malware apps made it into this month's top 20 ranking. "These types of adware are more annoying than harmful. Their main aim is to attract the attention of users with advertising banners that are integrated into conventional software. Although they are generally harmless, such programs do slow down the operating speed of a computer", noted the analysis.

So what does Kaspersky think of the Stuxnet virus?

According to the report, because the malware is highly specialised, it didn't make the top 20 over the last month.

"The mass media discussed Stuxnet extensively in September, although the worm was first identified as far back as early July. The worm exploits four different zero-day vulnerabilities; it also used two valid certificates belonging to Realtek and JMicron", says Kaspersky.

"However, the most important feature of Stuxnet is its payload, and this is why the worm received so much attention. The main purpose of this piece of malware is not to send spam or steal confidential user data: it's designed to gain control over industrial systems", Kaspersky adds.

And the conclusion?

"This is essentially a new-generation malicious programme, and its appearance has led to talk of cyberterrorism and cyberwarfare", notes the report.
