Google Releases Chrome 15·0·874·121

November 16, 2011

Google has released a new stable version, 15·0·874·121, of its Chrome browser, for Windows, Linux, Mac OS X, and Chrome Frame.  The new version contains some miscellaneous fixes, a new version of the V8 engine, and a security fix.   More details are available in the announcement on the official Chrome Releases blog.

Windows and Mac users should get the new version via the built-in update mechanism.  Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.

Update Thursday, 17 November, 22:40 EST

Clarification: the V8 engine is the component that interprets and executes JavaScript.  The security fix in this release was for a vulnerability in V8.

More DuQu, Stuxnet Similarities

November 16, 2011

A month or so ago, the first news reports began to surface about a new piece of malware called DuQu,  At the time, there was some suspicion that it had been created by the same group that had created the Stuxnet worm, used to attack centrifuge systems in Iran, based on some similarities in the code.  However, since the amount of information available was limited, this was far from certain.

Now, according to an article posted today at ThreatPost, the security news service from Kaspersky Labs, the gradual accumulation of additional evidence has reinforced the similarities, despite the feeling among researchers that they don’t have the whole DuQu story yet.

Researchers are fairly confident now that whoever wrote the Duqu malware also was involved in some way in developing the Stuxnet worm. They’re also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven’t been documented yet.

DuQu has been mentioned in the industry press fairly often, and I’ve talked about it here, but it is not particularly widespread.  It has been introduced in a very deliberate, targeted way.  Kaspersky Labs estimates there may be something on the order of fifty infections world-wide, a far cry from some of the “mass market” malware we have seen.   DuQu attacks have been directed at specific targets; different attacks use different encryption schemes, and employ different malware components.  All of this suggests that the people or organization responsible are skilled and well-organized, just as with Stuxnet.

Once again, we are reminded that the malware game has changed a lot since the early days of the Internet.  The attackers are no longer socially- and hygienically- challenged adolescents, but organized crime operations, and perhaps governments.

%d bloggers like this: