UPDATE 1-Microsoft issues its biggest-ever security fix

* Microsoft addresses record 49 flaws in its software

* Affects Windows, Internet Explorer, Office

* Fixes vulnerability exploited by Stuxnet virus (Adds details on Stuxnet virus, comments from researcher)

By Jim Finkle

BOSTON, Oct 12 (Reuters) – Microsoft Corp (MSFT.O) issued its biggest-ever security fix on Tuesday, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.

The new patches aim to fix a number of vulnerabilities including the notorious Stuxnet virus that attacked an Iranian nuclear power plant and other industrial control systems around the world.

Microsoft said four of the new patches — software updates that write over glitches — were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.

Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.

Microsoft released 16 security patches to address 49 problems in its products, many of which were discovered by outside researchers who seek out such vulnerabilities to win cash bounties as well as notoriety for their technical prowess.

“This is a huge jump,” said Amol Sarwate, a research manager with computer security provider Qualys Inc. “I think the reason for it is that more and more people are out there looking for vulnerabilities.”

The geeks who report such vulnerabilities to software makers are known as “white hat” hackers. Sarwate warned that there are also plenty of “black hats,” or criminal hackers who look for vulnerabilities in software that they can exploit to launch attacks on computer systems.

Indeed, the world’s biggest software maker said that the patches released on Tuesday include software to fix a vulnerability exploited by the Stuxnet virus — a malicious program that attacks PCs used to run power plants and other infrastructure running Siemens (SIEGn.DE) industrial control systems.

The virus, which infected computers at Iran’s Bushehr nuclear power plant, was discovered over the summer. Security researcher Symantec said that it detected the highest concentration of the virus on computer systems in Iran, though it was also spotted in Indonesia, India, the United States, Australia, Britain, Malaysia and Pakistan.

So far Microsoft has patched three of the four vulnerabilities exploited by Stuxnet’s unknown creators.

The total of 49 vulnerabilities exceeds the previous record of 34, which was set in October 2009 and matched in June and August of this year.

The constant patching of PCs is a time-consuming process for corporate users, who need to test the fixes before they deploy them to make sure they do not cause machines to crash because of compatibility problems with existing software. (Reporting by Jim Finkle. Editing by Robert MacMillan, Gary Hill)

http://www.reuters.com/article/idUSN1220677620101012

Computer Clarity

Microsoft Security Bulletin MS10-002 – Critical

Cumulative Security Update for Internet Explorer (978207)

Executive Summary

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Affected Software

Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1

| Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by This Update |
| --- | --- | --- | --- | --- |
| Microsoft Windows 2000 Service Pack 4 | Internet Explorer 5.01 Service Pack 4 | Remote Code Execution | Critical | MS09-072 |
| Microsoft Windows 2000 Service Pack 4 | Internet Explorer 6 Service Pack 1 | Remote Code Execution | Critical | MS09-072 |

Internet Explorer 6

| Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by This Update |
| --- | --- | --- | --- | --- |
| Windows XP Service Pack 2 and Windows XP Service Pack 3 | Internet Explorer 6 | Remote Code Execution | Critical | MS09-072 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 6 | Remote Code Execution | Moderate | MS09-072 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 | Remote Code Execution | Moderate | MS09-072 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 | Remote Code Execution | Moderate | MS09-072 |

Internet Explorer 7

| Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by This Update |
| --- | --- | --- | --- | --- |
| Windows XP Service Pack 2 and Windows XP Service Pack 3 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2** | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2** | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 | Remote Code Execution | Critical | MS09-072 |

Internet Explorer 8

| Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by This Update |
| --- | --- | --- | --- | --- |
| Windows XP Service Pack 2 and Windows XP Service Pack 3 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2** | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2** | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows 7 for 32-bit Systems | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows 7 for x64-based Systems | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 R2 for x64-based Systems** | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |
| Windows Server 2008 R2 for Itanium-based Systems | Internet Explorer 8 | Remote Code Execution | Critical | MS09-072 |

**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.

Original Source found here: http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx

Why Do People Write Viruses?

Over the last ten years, I have removed close to a half million viruses from thousands of computers.  One of the most common questions that I am asked is: “Why do these people write viruses?”  The answer is that there are several types of people writing different types of malware for several different purposes.  Here are some examples:

Vandals-
These people are like the punks that vandalize property for fun.  They are in small cliques and they try to impress each other by infecting the most computers in the shortest amount of time.  One virus from around seven years ago infected over 250,000 computers in 24 hours.  This one made all of the desktop icons run away from the mouse arrow.  This group of cyber-vandal virus writers wrote most of the early viruses, but as a percentage of all viruses discovered to date, they are less significant than some of the other groups.

People with a grudge-
Another small group of people who wrote many early viruses are the people with grudges against Microsoft, the government, corporations, or specific professions.  One virus from around six years ago called Magistrate targets attorneys.  This virus would infect a computer, search for any document containing legal terms and mail it out to everyone in the address book.  Other viruses would infect as many computers as possible, then tell all of them at the same time to try to access a web site or other internet server causing such high traffic that the server shuts down.

Cyber Warfare against the United States-
Over the last five years, another form of covert warfare has emerged.  Many antivirus companies have reported a high number of viruses originating in China, North Korea, and Iran.  They also report that these viruses seem to be designed to infect English-speaking countries specifically.  This is The Art of War in its perfect modern adaptation: never attack your enemy's army directly when you can weaken your enemy's infrastructure indirectly.  By infecting home, business, and government computers, the enemies of the United States can decrease our overall productivity, increase our population’s general level of stress and irritation, and possibly steal some secrets along the way.

Info Thieves-
These are the writers of the spyware floating around the internet.  They are looking for passwords, account numbers, social security numbers, and anything else that would give them access to your credit, money, or your identity.  This group and the next are both the fastest growing and the most damaging types of threats.

Viruses for Profit-
This group started out writing the adware that makes all of the popup ads fill a computer screen every time the computer connects to the internet.  They make arrangements with advertisers to get paid a few pennies every time their popup ad hits a desktop.  With a few hundred ads popping up on a few hundred thousand computers every day, these viruses generate income.  But a much more serious threat in this group has emerged.  Rogueware is software that impersonates an antivirus program and uses fake virus warnings to entice the computer user into installing it.  This is the biggest and fastest-growing type of computer malware that I have seen so far.

See my article concerning rogueware for more information: http://www.computerclarity.com/clarity-blog/?p=6

As you can see, the question “Why do people write viruses” has a logical answer.  Even if there are several types of virus writers with several motivations, people write malicious software because they are malicious people.
