Category Archives: Security

Conquering Zeus

There has been much speculation about the hidden meaning and possible historical references in the Stuxnet code. I find this interesting not only on its own but also in relationship to other malware in the news.

Zeus, unlike Stuxnet, actually has done a fair amount of real harm. However, no one seems to be pointing out that, at least as far as mythology goes, you may never be able to get rid of it.

Cretans believed that Zeus died and was resurrected annually

That was obviously before computers. In modern terms Zeus would be killed and then resurrected almost instantly, depending on CPU and memory.

I guess, to be accurate, the references in Stuxnet are in the code itself, whereas Zeus is just one of many names (Zbot, PRG, Wsnpoem, Gorhax, Kneber) given to a Trojan horse. Trojan horse malware named after a Greek god seems most appropriate, but I have not yet seen who chose the name Zeus or how. In any case, Microsoft has announced that they will now search for some versions of Zeus with their Malicious Software Removal Tool (MSRT).

The Zeus bot is dynamic and can be adjusted easily to slip past the MSRT, so what this really means is that older and cheaper copies will be caught while newer builds get tweaked to evade it. The cost of a Zeus attack has just gone up. Not a perfect solution, of course, but definitely a helpful step: it lowers the barrier and cost of defense against attacks that were already far too easy.

Microsoft, speaking of historical references, was not very optimistic in 2007 about the demise of Storm after they added it to MSRT. Storm was named after the flooding in Europe that its spam used as a lure to convince victims to download the Trojan horse installer.

In a blog post with the catchy operation title “Storm drain”, Microsoft predicted the Storm botnet would not go away.

Unfortunately, that data does not show a continued decrease since the first day. We know that immediately following the release of MSRT, the criminals behind the deployment of the “Storm” botnet immediately released a newer version to update their software. […] Despite so many machines having been cleaned recently by MSRT, the “Storm” botnet will slowly regain its strength.

It did decline significantly, and Microsoft then took credit, but just a few months ago experts warned of a new variant and a rebirth of the threat.

…the Storm botnet was one of the biggest botnets, sending out vast amounts of spam. As the market leader in spam-distributing botnets, it got a lot of attention from the security industry and the general public, ultimately leading to its demise. Since early 2009 the botnet was believed to be silent, even possibly defunct.

The new malware has been distributed widely over the last several days and the new botnet is already sending out spam. In an analysis done by Mark Schloesser, Tillmann Werner, and Felix Leder, German researchers who did a lot of work in analyzing the original Storm, they found that around two-thirds of the “new” functions are a copy and paste from the last Storm code base. What is missing is the original peer-to-peer (P2P) functionality, possibly in response to a tool these researchers developed that could bring down Storm. Cutting away the P2P functionality focuses the new Storm variants to HTTP communication with their command server.

Still two-thirds the same code base? Another key difference must then be that it now avoids MSRT despite reusing the vast majority of the old code, unless of course MSRT was never the real reason it went away. Funny how that is not mentioned; instead McAfee credits a “tool” developed by researchers outside Microsoft, one based on analysis of the botnet's network protocol rather than on detection and removal by the OS, with bringing Storm down. Controls outside the OS, then, may have made the real difference. That is worth keeping in mind when weighing the new Zeus-aware MSRT update.

My best guess is that Stuxnet is not as sophisticated as some argue but is instead rehashed from prior attacks. The real issue is turning out to be the failure of anti-malware, just as with the Zeus and Storm evolutions, rather than true zero-day risks. The solution, in other words, takes far more than detecting evil code. Monitoring system behavior and network behavior, the sort of thing usually relegated to “expensive” trusted platforms with limited flexibility, is going to come more into vogue for fighting bots. The good news for IT management is that virtualization technology and the cloud model significantly bring down the cost of running trusted platforms.
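As an added example of the network-behavior control argued for above (this is not code from the original post, nor from Microsoft, McAfee or the researchers it mentions), here is a small Python script that flags a client contacting the same server at near-constant intervals, the HTTP check-in pattern the McAfee quote attributes to the new Storm variant. The log format and every log line below are constructed for the example; a real deployment would read proxy, DNS or flow records, and the host names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log, one request per line:
# "<ISO-8601 timestamp> <client ip> <destination host> <bytes sent>"
# (format and data are assumptions for this example, not real logs)
SAMPLE_LOG = """\
2010-10-12T09:00:00 10.0.0.7 updates.example.org 412
2010-10-12T09:00:03 10.0.0.7 www.example.com 1800
2010-10-12T09:01:00 10.0.0.7 updates.example.org 415
2010-10-12T09:01:40 10.0.0.7 www.example.com 950
2010-10-12T09:02:01 10.0.0.7 updates.example.org 410
2010-10-12T09:02:15 10.0.0.7 www.example.com 7200
2010-10-12T09:03:00 10.0.0.7 updates.example.org 413
2010-10-12T09:03:59 10.0.0.7 updates.example.org 411
2010-10-12T09:05:00 10.0.0.7 updates.example.org 412
2010-10-12T09:05:10 10.0.0.7 www.example.com 300
"""


def parse_line(line):
    """Split one log line into (timestamp, client, host, bytes sent)."""
    ts, client, host, nbytes = line.split()
    return datetime.fromisoformat(ts), client, host, int(nbytes)


def coefficient_of_variation(values):
    """Spread relative to the mean; near zero means near-constant values."""
    avg = mean(values)
    return pstdev(values) / avg if avg > 0 else float("inf")


def beacon_candidates(log_text, min_requests=5, max_interval_cv=0.1):
    """
    Return {(client, host): {...}} for client/host pairs whose requests
    arrive at near-constant intervals, i.e. look like a bot checking in
    with its command server rather than a person browsing.
    """
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, client, host, nbytes = parse_line(line)
            by_pair[(client, host)].append((ts, nbytes))

    findings = {}
    for pair, events in by_pair.items():
        if len(events) < min_requests:
            continue                      # too few samples to judge timing
        events.sort()                     # by timestamp
        stamps = [ts for ts, _ in events]
        sizes = [n for _, n in events]
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        interval_cv = coefficient_of_variation(gaps)
        if interval_cv <= max_interval_cv:
            findings[pair] = {
                "requests": len(events),
                "mean_interval_s": mean(gaps),
                "interval_cv": interval_cv,
                # constant request sizes are a second hint of automated check-ins
                "size_cv": coefficient_of_variation(sizes),
            }
    return findings


if __name__ == "__main__":
    for (client, host), f in beacon_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {f['requests']} requests every "
              f"~{f['mean_interval_s']:.0f}s (interval CV {f['interval_cv']:.3f}, "
              f"size CV {f['size_cv']:.3f})")
```

On the constructed log only the once-a-minute contact with updates.example.org is reported; the irregular browsing of www.example.com is not. The caveat is that a bot which randomizes its check-in interval defeats a pure timing test, so in practice this kind of check is combined with other features (constant request size, destination reputation, process-level behavior on the host) rather than used alone.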

FBI Tracking Device Removal

A resident of Santa Clara, California discovered by accident that the FBI had planted a tracking device on his car.

Afifi said the strange series of events began Sunday, when he took his car in for an oil change to a garage not far from his Santa Clara home. As the car was raised, Afifi said he noticed “a wire hanging out.” Then he noticed “a black, glimmering device.”

Mazher Khan, owner of Ali’s Auto Care, had no idea what it was but he agreed to yank it out. Afifi left with the device and drove home.

On Tuesday, Afifi said he had just gotten home from work when one of his roommates came in and said, “There are two suspicious people standing right by your car in the complex.”

It is a strange story to begin with, but it gets even stranger when FBI agents show up and ask for their big black device of wires and magnets back.

“All right, where’s the device you found under your hood,” the agent said, according to Afifi. “He goes, ‘Yeah, we put it there.’ “

[…]

“I gave it back to them and said, ‘Is this what you needed?’ ” Afifi said. “He goes, ‘Yeah, this is it.’ “

Ali’s Auto Care can now update their ads to include “Tracking Device Removal”, or maybe even offer an Internet coupon. Note that Divorcenet.com suggests GPS tracking devices could be a wider problem than just one with law enforcement.

The use of GPS systems is increasingly being used to monitor cheating spouses. The falling price and shrinking size of GPS systems have spouses from all walks of life keeping track of their “better” halves. Spouses can now use a GPS device to follow a vehicle, and presumably the cheater, behind the wheel. The GPS system’s software works seamlessly with online map services such as Google Maps. Thereafter, the suspecting spouse can sit back and wait for that “gotcha” moment.

Spouses are said to be legally entitled to track their “own” vehicles. The question becomes one of ownership, and then of privacy.

The legality of secretly planting a GPS system is a very fact-sensitive analysis. Like checking a spouse’s email, the legality of secretly planting a GPS tracker depends on who owns the vehicle. In a purely technical sense, if you own the vehicle or have joint ownership of it, then it is perfectly legal to use a GPS system to monitor it. Spouses can legally access their spouse’s email in scenarios where there is a jointly-owned computer or a computer that is used by the entire family. The key issue in the planting of a GPS system is whether the spouse who was tracked had a reasonable expectation of privacy. The question apparently has yet to be raised in a divorce case in New Jersey. The law is normally five years behind technological developments.

I am not a lawyer, but the “reasonable expectation of privacy” test seems a bit weak. Courts in the US have already ruled, for example, that you have no expectation of privacy in your own driveway as far as the government is concerned.

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn’t tracking your movements.

Another opportunity for the security market. Someone should start selling Fourth Amendment tents for the driveway: now even you can set up a reasonable expectation of privacy on your own property.

Our Scale is Wrong

I walked behind a nurse into the doctor’s office.

“Shoes off please, and stand on the scale so I can measure your weight and height,” she said in a monotone, clearly excited to be taking a reading for the hundredth time that day.

I complied; she read the results to me.

“Are you certain?” I asked. “That height measurement seems off by a factor…”

She shrugged and started to turn away. “Oh, a lot of people say our scale is wrong.”

When a health care provider has a hard time calibrating a height measurement, I am tempted to question how they measure dosages and other more important metrics, let alone how they handle privacy controls.