itWatch GmbH - A USB memory stick is the preferred delivery vehicle for the Stuxnet spyware worm

News

Stuxnet Malware Still Exploiting Microsoft Windows Security Hole (eWeek.com)

As of this morning, Microsoft said it detected nearly 10,000 unique machines where Stuxnet infections were prevented. Read more »

Windows systems at risk from Stuxnet attack (ZDNet)

One of the attack vectors Stuxnet uses is via USB stick. The malware requires no user interaction to infect the system. The operating system merely rendering an icon launches the malware. Read more »

Stuxnet malware threat continues, targets control systems (SC Magazine)

The recently discovered Stuxnet malware, which takes advantage of a zero-day Microsoft Windows Shell vulnerability, is being used in targeted attacks to penetrate industrial control systems, particularly in the United States, according to security researchers.. Read more »

The risk

Stuxnet spyware targets industrial facilities, via USB memory stick. Infected sticks are the means by which a mystery spyware, dubbed Stuxnet, is penetrating control systems of industrial facilities and utilities around the globe, say cybersecurity experts. A USB memory stick is the preferred delivery vehicle for the Stuxnet spyware worm, which has launched a sophisticated attack on industrial computer systems worldwide.

Background

"What is unique about Stuxnet is that it utilises a new method of propagation," wrote Microsoft researcher Tareq Saade in the blog post. "Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system."

The solution - XRayWatch

Prevent and block attacks on your Microsoft platform using the threat of yet unpatched vulnerability of LNK files.

The customers of itWatch have no problem with the current threat, as modified LNK files are rejected.

Proactive protection against the forbidden: Your patents should not be stored onto memory sticks – readable for everyone? You do not want a user to import executable files from a mobile data storage medium. to your network? XRayWatch individually defines per user who may read which data from where and who may export it to what target – to the network shares, locally to the hard drive or to mobile data storage devices

Check contents – not file names: Most companies check the content and file names of exchanged data with their firewalls. Why only there and not on the broadband interfaces of the PCs? Clever users already know to change file names in order to avoid central guidelines. With its semantic and syntactic Pattern Matching XRayWatch offers a detailed check of all exchanged data at all ports and interfaces – the re-naming of the file becomes useless.

All this and much more offers the itWatch Endpoint Security Suite. More information are available on the website of itWatch GmbH (www.itwatch.info). Do you have any questions, requirements or have a project in DLP, Endpoint Security and Security Awareness? Then we want to make it easy for you - Visit our contact form on www.itwatch.info.