AVG 2011 – Surf Shield Bug – avg_ls_dom.js

Recently I faced issues loading webpages in Chrome. Many websites failed to load, including my blog. Websites that have a lot of JavaScript, especially AdSense units (image and text), took a lot of time to load. I tested the page elements' load time in the Firefox browser with Firebug and the Google Page Speed add-on and found a mysterious JavaScript file, ‘/A2EB891D63C8/avg_ls_dom.js’.

It looks like the problem is due to Surf Shield, a part of the Link Scanner module of AVG 2011. "AVG Surf-Shield actively checks web pages in real-time every time you click a link or enter a web address directly into your browser." This is done by adding a script element to the very beginning of every HTML page rendered inside the browser. This element loads a local JavaScript file called ‘avg_ls_dom.js’.

The script is injected in a non-standard way, right after the document definition and outside of the <head> element, where such resources are normally defined. This technique is most likely used to ensure that avg_ls_dom.js is loaded before any other script possibly injected by attackers into the original page. The JavaScript code inside the file is supposed to create a buffer with the content of the page and submit it via POST to another relative URL called /CC0227228D62/CheckData.

httpRequest.open("POST", "/CC0227228D62/CheckData", false);
httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

This request should again be intercepted by the AVG module, which should inspect the code and give the go-ahead to display the page or tell the script to throw an error instead. However, it seems that a bug causes the proxy-like component to let these requests through, so they are sent to the server from which the page was loaded.
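
A site owner can check for this leak from the server side. The following is an added example, not code from the original post or from AVG: it scans Combined Log Format lines for the two request paths quoted above. The 12-hex-digit prefix pattern, the function name findSurfShieldLeaks and the sample log lines are assumptions made for illustration.

```javascript
// Added example (not AVG's code): flag leaked Surf-Shield requests in an access log.
// Assumption: the path prefix is 12 upper-case hex characters, as in the two
// paths quoted in this post (/A2EB891D63C8/..., /CC0227228D62/...).
const LEAK_RE = /^\/[0-9A-F]{12}\/(avg_ls_dom\.js|CheckData)(?:\?.*)?$/;

// Combined Log Format: ip ident user [time] "METHOD path PROTO" status bytes
const CLF_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)/;

function findSurfShieldLeaks(logText) {
  const perClient = new Map();
  for (const line of logText.split("\n")) {
    const m = CLF_RE.exec(line);
    if (!m) continue; // skip malformed lines
    const [, ip, method, path] = m;
    const hit = LEAK_RE.exec(path);
    if (!hit) continue;
    const entry = perClient.get(ip) || { scriptLoads: 0, checkDataPosts: 0 };
    if (hit[1] === "avg_ls_dom.js" && method === "GET") {
      entry.scriptLoads++; // injected <script> was fetched from the origin
    } else if (hit[1] === "CheckData" && method === "POST") {
      entry.checkDataPosts++; // page buffer was POSTed to the origin
    } else {
      continue; // right path, unexpected method: not the pattern described
    }
    perClient.set(ip, entry);
  }
  return perClient;
}

// Constructed sample log lines (documentation IP ranges, not real traffic).
const SAMPLE_LOG = [
  '192.0.2.10 - - [12/Oct/2010:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
  '192.0.2.10 - - [12/Oct/2010:10:01:02 +0000] "GET /A2EB891D63C8/avg_ls_dom.js HTTP/1.1" 404 209',
  '192.0.2.10 - - [12/Oct/2010:10:01:03 +0000] "POST /CC0227228D62/CheckData HTTP/1.1" 404 209',
  '198.51.100.7 - - [12/Oct/2010:10:02:11 +0000] "POST /CC0227228D62/CheckData HTTP/1.1" 404 209',
  '203.0.113.5 - - [12/Oct/2010:10:03:40 +0000] "GET /static/checkdata.js HTTP/1.1" 200 812',
  '203.0.113.5 - - [12/Oct/2010:10:03:41 +0000] "GET /CC0227228D62/CheckData HTTP/1.1" 404 209',
].join("\n");

for (const [ip, counts] of findSurfShieldLeaks(SAMPLE_LOG)) {
  console.log(ip, counts);
}
```

Each client reported has the affected component installed and is sending page content to the site; the POST bodies are the part worth keeping out of long-lived logs.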

Once I disabled the Surf Shield option in Link Scanner the issue got resolved.

Ref: http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml


Stuxnet – The New Generation Control Systems Computer Worm

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes. (Ref: Wikipedia)

It is the first-ever computer worm to include a PLC rootkit. It is also believed to be the first worm to target critical industrial infrastructure. Furthermore, the worm’s probable target has been said to have been high-value infrastructures in Iran using Siemens control systems. It has also been said that the infestation by this worm might have delayed the start-up of Iran’s Bushehr nuclear power plant. (Ref: Wikipedia)

As of the end of September 2010, the virus has widely affected Iran, Indonesia and India. (Source: Stuxnet Under the Microscope)


(Image Source: Stuxnet Under the Microscope)

A high volume of detections in a single region may mean that it is the major target of attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to mask targeting detail.

With its ability to attack industrial control systems, Stuxnet is the first computer virus that causes real-life harm.

Being a control systems professional, I can imagine how much damage this little piece of software can create. It is beyond the imagination of Hollywood movies. With its ability to modify the engineering done in Control or Safety systems, it can defeat the very purpose it was built for by turning the Plant into a potential weapon of Mass Destruction (WMD). The disaster may not be a boom & fire as shown in movies. A poisonous gas leak or nuclear spill can be more dangerous, the Bhopal Gas tragedy being an example of it. Oops! This is more threatening than the Google Threat discussed in my earlier blog. And yes, there are new themes available for Die Hard, War Games, Enemy of the State, Eagle Eye……

This also calls for nations to strengthen their Cyber Security. And soon cyber security will become a multi-billion-dollar industry, multiple times its current volume. I feel the control systems should move back to proprietary operating systems. Gone are the days when these systems were designed and considered to be more secure. With these systems getting more open day by day, with insecure implementation of Microsoft-dominated OPC (OLE for Process Control) and integration with upper-level solutions like ERP, the probability of risk is even higher. A chain is only as strong as its weakest link. With new versions of Windows coming up, there has been no increased security. A better solution may be to design Windows operating systems catering to automation platforms.

While it is being claimed that there is a remedy for Stuxnet, we really need to wait and see if it is yet to unfold. While this worm has been discovered for Siemens systems, if it is true that it is a nation-state-sponsored project, there are many to come targeting all platforms, taking a nation’s defense and economy under their control.