Stuxnet and fake certificates dominate the Q3 malware landscape

During the third quarter, the IT security vendor says that the well publicised Stuxnet epidemic received the most attention, which confirms the theory that malware is rapidly becoming more sophisticated.

An analysis of the worm, says Kaspersky, shows that it was designed to change the logic within programmable logic controllers (PLCs) embedded into inverters, which are used to control the rotation speed of electric motors. These PLCs operate with very high speed motors that have limited applications, such as those in centrifuges.

"Stuxnet is the most complex piece of malware in the cybercriminals' arsenal to date. The epidemic also marked the beginning of the era of attacks on industrial targets", says the analysis.

"The worm is unique in that it uses as many as four zero-day Windows vulnerabilities at the same time in order to infiltrate victim computers, and has a rootkit component signed with certificates stolen from integrated circuit manufacturers, Realtek Semiconductors and JMicron", it adds.

But it's not all about Stuxnet, as Kaspersky Lab says that the last quarter has shown how cybercriminals have developed their tactics to make it increasingly difficult for users to identify malicious files.

The creators of adware, riskware and rogue AVs, says the company, frequently use stolen certificates to prevent their malware from being detected.

According to Yury Namestnikov, the author of the report – IT Threat Evolution for Q3-2010 – "judging by what we are seeing today, the problem of stolen certificates may become even more significant in the New Year."

One of the other rising issues identified in Namestnikov's report is the increase in sophisticated malware capable of running on 64-bit platforms.

The analysis says that, during Q3, exploiting vulnerabilities remained, as before, highly popular with the cybercriminal fraternity.

"Four new vulnerabilities emerged in the quarterly ranking: two in Adobe Flash Player products, one in Adobe Reader and one in Microsoft Office. Additionally, the Top 10 included three vulnerabilities discovered in 2009 and one discovered in 2008", says the report.

"This statistic shows that some users have not updated their software for years. All of the vulnerabilities listed in the Top 10 allow cybercriminals to take full control of the target system", it adds.

Namestnikov said that the third quarter's events demonstrate that we are currently on the threshold of a new era in the evolution of cybercrime.

"The concept of mass infection, as seen with the Klez, Mydoom, Sasser and Kido worms, is going to give way to precision strikes", he noted.