{"id":71987,"date":"2014-08-28T11:21:49","date_gmt":"2014-08-28T15:21:49","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-25T15:19:12","modified_gmt":"2021-08-25T19:19:12","slug":"millions-of-pcs-still-have-stuxnet-bug","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/millions-of-pcs-still-have-stuxnet-bug\/","title":{"rendered":"Millions of PC’s Still Have Stuxnet Bug"},"content":{"rendered":"

\"Millions<\/a>Lately, I have covered a few pieces of old IT business here<\/a>, here<\/a>, and<\/a> here<\/a>. And here is another piece of old business from Infosecurity Magazine<\/a>.<\/em>\u00a0Tara Seals<\/a> at Infosecurity Magazine<\/em> recently pointed out<\/a> new research from Kaspersky<\/a>. <\/strong>They are reporting that there are 10’s of millions of systems<\/strong> that are still vulnerable<\/strong> to the most infamous malware families that enabled Stuxnet.<\/p>\n

Patched in late 2010<\/h3>\n

\"Radar\"<\/a>Research by Kaspersky has found the vulnerability that allowed Stuxnet<\/a><\/strong>, Flame<\/a>, and Gauss<\/a> malware<\/a> campaigns (CVE-2010-2568<\/a>) is still being exploited. <\/strong>They are still being exploited despite the flaw having been patched<\/a> in late 2010 by Microsoft<\/strong>. Kaspersky Lab<\/a> reported more than 50 million detections on more than 19 million computers worldwide in the past eight months.<\/p>\n

The lack of patching by IT administrators is surprising given that the vulnerability has an infamous history. The author explains that the\u00a0vulnerability is an error in processing tags in\u00a0Microsoft<\/a> (MSFT<\/a>) Windows OS. The flaw enabled the download of the random dynamic library without the user’s awareness. The vulnerability affects Windows XP<\/a>, Vista<\/a>, and Windows 7<\/a>, as well as Windows Server 2003<\/a> and 2008<\/a><\/strong>.<\/p>\n

Sality worm<\/h3>\n

\"Malware\"The first malware exploiting this vulnerability appeared in July 2010: the worm Sality<\/a>. Sality <\/strong>generated vulnerable tags and distributed them through the LAN. Ms. Seals writes that if a user opens a folder containing one of these vulnerable tags, a malicious program immediately begins to launch. The summer of 2010 then saw the appearance of Stuxnet. <\/strong>Stuxnet is\u00a0a computer worm that was specifically designed (likely by the US and Israel<\/a>) to sabotage the uranium enrichment process<\/strong> at several factories in Iran<\/strong><\/a>. Subsequently, the state-sponsored Flame and Gauss spyware made use of the security hole.<\/p>\n

Windows XP vulnerable to Stuxnet<\/h3>\n

Infosecurity Magazine<\/em> dug into the statistics and found that most of the unpatched systems were running Microsoft’s outdated Windows XP. Kaspersky said the report.<\/p>\n

\"Knife<\/a>The lion’s share of detection’s (64.19%) registered .. involved XP and only 27.99% were on Windows 7 … Kaspersky Lab products protecting Windows Server 2003 and 2008 also regularly report detection of these exploits (3.99% and 1.58% detection’s respectively)<\/em><\/p>\n

Kaspersky data suggests that the problem is self-inflicted.<\/p>\n

The large number of detection’s coming from XP users suggests that most of these computers either don’t have an installed security solution or use a vulnerable version of Windows – or both.<\/em><\/p>\n

Kaspersky also analyzed the geographical distribution of CVE-2010-2568 detections. According to Infosecurity<\/em>, the top nations with the vulnerability \"\"<\/a>were:<\/p>\n

    \n
  1. Vietnam<\/a> (42.45%)<\/li>\n
  2. India<\/a> (11.7%) and<\/li>\n
  3. Algeria<\/a> (5.52%)<\/li>\n<\/ol>\n

    Kaspersky researchers told the author, \u201cSo many users of outdated versions of Windows mean these exploits are effective even though almost four years have passed since the disclosure and patching of the vulnerability<\/em>.\u201d<\/p>\n

    rb-<\/em><\/strong><\/p>\n

    C’mon, if you are going to use an orphaned operating system, update it as far as you can and get off it as fast as possible. <\/em><\/p>\n

    As Kaspersky pointed out, using an outdated version of an operating system is fraught with the risk of cyber-attacks involving exploits, special programs that target vulnerabilities in legitimate software to infect a computer with other dangerous malware.<\/em><\/p>\n

    Related articles<\/h6>\n