Cultivating cyberwar

Fascinating stuff on the Stuxnet virus caught in the wild.

I spent a few weeks travelling in Iran in late 2009. Every computer I used (in homes, Internet Cafes, hotels,  even in a private IT academy of some sort I walked into) was infected with malware.

I would ask people about the ubiquitous availability of any piece of software under the sun *for pennies* and they’d respond “oh, we don’t do copyright in Iran”. Walk into any technology mall – there are tens of  shops selling illegal copies of all software you know and then some.

The catch is that all that software is either already infected with malware, or vulnerable to infection. Iranians use cracked antivirus software that doesn’t really update (of course it *says* it does). But the vendors are not stupid – they close the tap on their end and stop providing security updates or virus definitions for illegal copies of their products.

Think about it – a country full of unpatched Windows machines, running cracked antivirus software that doesn’t update. Malware heaven. Or, a very useful (and easy and free) addition to global criminal botnets, private and government-controlled alike.

I wonder when all of this lunacy will blow up in our faces.

PS: When I got back home I had to clean all flash media I had used during the trip (GPS, camera, thumb drive) from many Sality variants (and potentially other unknown malware as well). This stuff was so advanced that antivirus products (real, licensed and updated) could not identify it. I tried to manually remove the offending files from my flash media – this proved impossible with Windows or MacOS X systems – the system would simply throw an error and say the file could not be touched. I had to resort to my console-only Linux server to give me the true directory listing and actually remove the files when I asked it to. And that was just an old and well-known virus…