360 tricked 400 million Internet users into misinterpreting "Gigafactory" virus - Kaspersky's statement on 360 misinterpreting "Gigafactory"

by bugbear on 2010-10-13 16:12:00

360 tricked 400 million Internet users into misreading the "Gigafactory" virus

On July 15, 2010, Kaspersky Lab published to the world its technical analysis of the "Stuxnet" virus (known domestically as "Stuxnet", "super virus" or "super factory", hereinafter referred to as "super factory"), and on September 24 its founder and CEO Eugene Kaspersky announced a more in-depth industry interpretation:

1. The "Stuxnet" virus uses complex multi-layer attack technology: it simultaneously exploits four "zero-day vulnerabilities" to attack the Microsoft operating system, and uses two valid digital certificates (Realtek and JMicron) to make itself invisible.

2. Unlike ordinary viruses, the purpose of the "Gigafactory" is not to interfere with the normal operation of computers or to steal users' property and private data. Its ultimate purpose is to invade the Simatic WinCC SCADA system, which is mainly used as an industrial control system capable of monitoring industrial production, infrastructure or facility-based industrial processes. Similar systems are used worldwide in oil pipelines, power plants, large communications systems, airports, ships and even military installations.

3. "Gigafactory" is already a cyber weapon, used to attack an enemy's valuable infrastructure. It marks the beginning of a cyber arms race.

4. The team behind the "Gigafactory" consists of highly skilled professionals with a wide range of resources and strong financial backing; they should be supported by a country or government agency.

Faced with such a malicious virus, one that marks the entry of global network security into the "era of infrastructure protection", 360 not only made no substantive contribution acknowledged by Microsoft, but on October 2, that is, two months after Kaspersky published its technical analysis, it published an official news item that can only be described as "nonsense". Claiming that "Gigafactory" took advantage of "known" Microsoft vulnerabilities, it even claimed that "because of the existence of 360 series of security software", "China has avoided the 'Gigafactory' virus attack".

In fact, the "Gigafactory" exploited an "unknown" Microsoft vulnerability (commonly known internationally as a "zero-day vulnerability"), that is, it attacked systems before Microsoft was aware of the vulnerability. Therefore, even if users use 360 to install Microsoft patches every day, there is no defense against such attacks. Professional security software vendors exist because they can help users protect against such viruses before Microsoft releases patches, or even discover these "unknown" vulnerabilities before Microsoft does. Kaspersky was the first professional security vendor in the world to discover that "Gigafactory" used the two latest "zero-day vulnerabilities" to carry out attacks, earlier than Microsoft itself did, and it promptly assisted Microsoft in fixing the vulnerability and issuing patches.

The most fundamental reason why the "super factory" did not break out in China at the same time is that the team behind the "Super factory" did not make China an initial target of attack, not that so many people in China have installed 360. By 360's own account, 360 relies on helping users install Microsoft patches to defend against "Gigafactory", which means that before Microsoft releases patches, 360 cannot defend against "Gigafactory". If the "super factory" had attacked China from the start, then the 300 million netizens (360 official data) who have installed 360 would all have "fallen", and none could have escaped.

Kaspersky Lab believes that non-professional security vendors like 360 do not have the technology and ability to intercept "Super factory" when it first appears, and cannot make an in-depth and reasonable analysis of malicious viruses such as "Super factory". However, it is totally unacceptable for 360 to cover up its shortcomings and publish official news on the "Gigafactory" that seriously deviates from the facts and confuses public opinion. 360's remarks make it easy for many ordinary users to think that 360 can resist vicious viruses like "Gigafactory". If this kind of false propaganda, which deceives users and ignores the facts, spreads in the security industry for a long time, then the entire Internet security situation in China will further deteriorate, and more and more end users will be hurt and suffer greater losses because they lack correct security knowledge and professional security protection.

Kaspersky Lab

October 13, 2010