by Constantine von Hoffman

Cybersecurity News Roundup: Siemens Plugs Stuxnet Holes; Gamigo Loses 8M IDs; AC/DC Rocks Iran Nuke Facility

Jul 26, 2012 3 mins
Cybercrime Data Breach Intrusion Detection Software

This week's IT security news roundup features stories on Siemens' efforts to patch holes that could have led to Stuxnet-like attacks; new Android malware hidden inside the Opera Mini browser; an AC/DC-themed attack on an Iranian Nuclear Agency; Syria's Internet disappearing act; and more.

Siemens Patches Holes to Stop Stuxnet-Type Attack: German industrial-control-system maker Siemens patched holes in some of its products that resemble holes exploited by the famous Stuxnet worm in 2010. If left unpatched, the vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have allowed malicious Microsoft Dynamic-link Library files to be loaded. Such files could lead to a Stuxnet-like attack against systems that use STEP 7. The new patch updates a mechanism that rejects DLLs in the STEP 7 folder, thus “preventing unintended execution of unchecked code.”

Fake Opera Browser is Real Android Malware: A new variant of the OpFake mobile malware was found inside a version of the Opera Mini mobile browser. The malware targets Android phones, steals money by sending SMS messages to premium-rate numbers and collects data about the devices it infects. GFI Labs’ researchers discovered the new variant and found that, unlike older versions of the malware, which were simply disguised as Opera Mini, this version actually downloads a functional copy of the mobile browser.

8 Million Gamigo User IDs Hacked: A months-old breach at Gamigo, a German online games publisher that focuses on Massively Multiplayer Online Role-Playing Games (MMORPGs), resulted in the leak of 8 million usernames, e-mail addresses and passwords. The site warned users four months ago that a hacker intrusion had compromised data, but the information wasn’t publicly released until earlier this month. Gamigo has so far released 14 client games as well as five browser games.

U.S. Arrests Russian for DDoS Attack on Amazon, Others: Authorities in the United States charged two men in connection with a denial of service (DoS) attack that crippled a number of major online-business websites, including Amazon, in June 2008. Dmitry Olegovich Zubakha, 25, of Moscow, was arrested in Cyprus last week under an international arrest warrant, having been indicted in a federal court last year for launching botnet-powered DoS attacks against Amazon, eBay and Priceline. These attacks stopped customers from accessing the websites, effectively shutting the sites down.

Syria Vanishes from Online World for 40 Minutes: Syria went dark on the Internet for around 40 minutes last week, according to Internet-analysis firm Renesys. Exactly what happened between 13.32UTC and 14.42UTC on Thursday July 19 is unclear, as is almost everything else that occurs in a country in a state of near civil war. However, the brief disconnection was highly unusual for a national domain that has recently been stable. Renesys said networks routed through the Syrian Telecommunications Establishment were “withdrawn” from the global routing table, leaving only five of sixty-one Syrian prefixes. Those that remained were controlled by Indian company Tata, which has a presence in the region. All Syrian-directed domains were unavailable.

Attack Leaves Iran Nuke Authority Rocking Out to AC/DC: In what is clearly the best—or at least the most amusing—hack of the year, the Atomic Energy Organisation of Iran (AEOI) claims a worm caused the AC/DC song Thunderstruck to be played at high volume in a facility throughout the night. Finnish software firm F-Secure claims to have an email from someone from AEOI that describes the attack, though the software company has not been able to independently verify the report. A hacker is thought to have used Metasploit to find vulnerable systems. The worm then supposedly forced sysadmins to “shut down the automation network” at Natanz and another facility near Qom. (I would have gone with Highway to Hell but that’s just me.)