Computerworld

 

Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the bushehr reaction nuclear in southwestern Iran.


The worm, which has been dubbed the world's most sofosticated malware ever, targets Windows PCs that oversee industrial-control systems, called "SCADA" systems, that in turn manage and monitor machinery in power plants, factories, pipelines and military installations.


Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs.
Liam O Murchu, manager of operations on Symantec's security response team and one of a handful of researchers who have been analyzing Stuxnet since its public appearance in July, said today he'd found another way that the worm spreads. According to O Murchu, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened.

Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.


"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."
O Murchu said that the Step 7 propagation vector would insure that already-cleaned PCs would be re-infected if they later opened a malicious Step 7 project folder. "You could imagine the scenario where someone had cleaned the computer of Stuxnet, but before they did that, they backed up the project," he said. "When the project was later restored [to the now-clean] PC, it would be re-infected."
Another possibility, said O Murchu, is that Stuxnet's makers hoped to infect systems at a central SCADA-programming authority, which would then pass along the worm to PCs at several facilities that would use the Step 7 files to configure the local control hardware.
Siemens has planted that 14 plans, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.
The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.

Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.
"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."
Over the weekend, Iranian officials acknowledged that Stuxnet had infected tens of thousands of Windows PCs in the country, including some at the Bushehr nuclear reactor.
Other security analysts have speculated that the worm was designed to cripple the bushehr reactor Several Western governments, including the U.S., suspect that Iran will reprocess Bushehr's spent fuel to produce weapons-grade plutonium for use in nuclear warheads.


On Sunday, the deputy head of Iran's Atomic Energy Organization said that Stuxnet had not affected Bushehr's control systems, and that experts had taken steps to block the worm from spreading.

info.tech

Information technology (IT).

1. As it pertains to technology, Information Technology (IT) is the "technology" used for the study, understanding, planning, design, construction, testing, distribution, support and operations of software, computers and computer related systems that exist for the purpose of Data, Information and Knowledge processing.
2. As it pertains to industry, Information Technology (IT) is the "industry" that has evolved to include the study, science, and solution sets for all aspects of Data, Information and Knowledge management and/or processing.
3. As it pertains to organizations or organizational structures, Information Technology (IT) is the organization in an enterprise or business that is held responsible and accountable for the technology used for planning, design, construction, testing, distribution, support and operations of software, computers and computer related systems that exist for the purpose of Data, Information and Knowledge management and/or processing.

Synonyms
Common interchangeable terms used for Information Technology include but are not limited to:

• Information Systems (I.S)
• Information Sciences (IS)
• Information Management (IM)
• Management & Information Sciences (MIS)

 General Information

As it pertains to technology, IT spans a wide variety of areas that include but are not limited to things such as Processes, Computer Software, Computer Hardware, Programming Languages, and Data Constructs. In short, anything that renders Data, Information or perceived Knowledge, in any visual format whatsoever, via any multimedia distribution mechanism, is considered to be a part of the domain space known as Information Technology (IT).


As it pertains to industry, IT spans a very large variety of functional areas called Information Technology (IT) Disciplines or Information Technology (IT) Competencies, that describe functional areas of the greater profession. Different sources for content on IT Disciplines or Competencies include but are not limited to:

• The American National Standards Institute (ANSI)
• The Information Technology Association of America (ITAA)
• Information Technology Infrastructure Library (ITIL)]
• The InterNational Committee for Information Technology (incits)
• The International Foundation for Information Technology (IF4IT)
• The International Organization for Standardization (ISO)

(It is important to note and understand that, while some organizations are more established than others, no one organization has yet to establish itself as the definitive source for all Information Technology content and material. However, all provide important pieces to a greater puzzle that represents the evolution of the industry, throughout the decades.)


As it pertains to organizations within enterprises, IT represents an operational group that helps solve such problems as those related to Data, Information and Knowledge capture, persistence, processing, brokering, discovery and rendering. Such organizations can be as small as one or two people that can be shared between multiple small business and as large as multi-billion dollar structures that are common in all Fortune 500 enterprises.


Today, the term information has ballooned to encompass many aspects of computing and technology, and the term has become very recognizable. IT professionals perform a variety of functions (IT Disciplines/Competencies) that range from installing applications to designing complex computer networks and information databases. A few of the duties that IT professionals perform may include data management, networking, engineering computer hardware, database and software design, as well as the management and administration of entire systems. Information technology is starting to spread farther than the conventional personal computer and network technology, and more into integrations of other technologies such as the use of cell phones, televisions, automobiles, and more, which is increasing the demand for such jobs.
When computer and communications technologies are combined, the result is information technology, sometimes called "infotech." Information technology is a general term that describes any technology that helps to produce, manipulate, store, communicate, and/or disseminate information.


In the recent past,ABET and the ACM  have collaborated to form accreditation and curriculum standards^[12] for degrees in Information Technology as a distinct field of study separate from both COMPUTER SCIENCEand Information system. SIGITE is the ACM working group for defining these standards. The Worldwide IT services revenue totaled $763 billion in 2009.

It is important to consider the overall value chain in technology development projects as the challenge for the value creation is increasing with the growing competitiveness between organizations that has become evident . The concept of value creation through technology is heavily dependent upon the alignment of technology and business strategies. While the value creation for an organization is a network of relationships between internal and external environments, technology plays an important role in improving the overall value chain of an organization. However, this increase requires business and technology management to work as a creative, synergistic, and collaborative team instead of a purely mechanistic span of control. Technology can help the organization recognize improved competitive advantage within the industry it resides and generate superior performance at a greater value,according to Bird