Showing posts with label virus. Show all posts

Friday, August 26, 2011

UPNP has always been a bad idea!

UPNP is a protocol that allows an application to open up ports on a router so that incoming packets from the Internet get to the correct IP address on the LAN. It's typically used to allow the XBox360 to set up open ports through your router to allow multi-player gaming. If both XBoxes are behind NAT routers there is no way that unsolicited traffic from one can make it to the other (hey, I never wanted your bullets to hit me!). Skype suffers in the same way if both callers are behind NAT routers (i.e. in most cases; who has an internet-facing IP address on their machine nowadays?) - details here. More recent versions of Skype will make use of UPNP if it's on the router.
You won't be surprised to learn that it's a Microsoft technology and I've always encouraged people to disable it on their routers. Any piece of malware inside your network can open ports and invite any other nasties in. In the case of XBox there are about four ports you need to open up for the Live! service to work. Anyhow - it turns out that Linksys routers have a bug that allows UPNP activation on the WAN side - that's right, with the correctly formatted packets you can open ports through a Linksys router from the Internet. Using something like UPNP Port Mapper will allow you to scan Internet IP addresses and open ports on those routers.
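
If you want to see what has actually been opened through your router, the IGD profile of UPNP lets you walk its port-mapping table one entry at a time with GetGenericPortMappingEntry. The script below is an added example, not anything from the linked article or from the UPNP Port Mapper tool; it builds the SOAP request the router expects, parses the replies, and flags any mapping that isn't on a list of things you meant to open. The mapping replies and the allowlist are constructed for the example (the XBox at 192.168.1.20 and the ports are made up), and no packets are sent - in practice the request is POSTed to the router's control URL with a SOAPACTION header.

```python
"""Audit the port-mapping table a UPnP IGD router exposes.

The router answers GetGenericPortMappingEntry with one mapping per call;
walking the index from 0 until it returns a SOAP fault lists everything
that has been opened, whether by an XBox, Skype or something less welcome.
"""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
IGD_NS = "urn:schemas-upnp-org:service:WANIPConnection:1"


def build_get_mapping_request(index: int) -> str:
    """SOAP body asking the router for the mapping at position `index`."""
    return (
        '<?xml version="1.0"?>'
        f'<s:Envelope xmlns:s="{SOAP_ENV}" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        "<s:Body>"
        f'<u:GetGenericPortMappingEntry xmlns:u="{IGD_NS}">'
        f"<NewPortMappingIndex>{index}</NewPortMappingIndex>"
        "</u:GetGenericPortMappingEntry>"
        "</s:Body></s:Envelope>"
    )


def parse_mapping_response(xml_text: str):
    """Return a dict for a mapping reply, or None for a SOAP fault
    (the router's way of saying the index is past the end of the table)."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None:
        raise ValueError("no SOAP Body in response")
    if body.find(f"{{{SOAP_ENV}}}Fault") is not None:
        return None
    resp = body.find(f"{{{IGD_NS}}}GetGenericPortMappingEntryResponse")
    if resp is None:
        raise ValueError("unexpected SOAP action in response")
    # The argument elements inside the response carry no namespace.
    f = {child.tag: (child.text or "").strip() for child in resp}
    return {
        "external_port": int(f["NewExternalPort"]),
        "protocol": f["NewProtocol"].upper(),
        "internal_client": f["NewInternalClient"],
        "internal_port": int(f["NewInternalPort"]),
        "enabled": f.get("NewEnabled", "1") == "1",
        "description": f.get("NewPortMappingDescription", ""),
    }


def audit_mappings(responses, allowlist):
    """Walk replies in index order; return enabled mappings whose
    (internal_client, protocol, internal_port) is not on the allowlist."""
    unexpected = []
    for xml_text in responses:
        mapping = parse_mapping_response(xml_text)
        if mapping is None:  # SOAP fault: end of the table
            break
        key = (mapping["internal_client"], mapping["protocol"], mapping["internal_port"])
        if mapping["enabled"] and key not in allowlist:
            unexpected.append(mapping)
    return unexpected


def _reply(ext, proto, client, internal, desc):
    """Constructed router reply, shaped like a real IGD response."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_ENV}"><s:Body>'
        f'<u:GetGenericPortMappingEntryResponse xmlns:u="{IGD_NS}">'
        "<NewRemoteHost></NewRemoteHost>"
        f"<NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol>"
        f"<NewInternalPort>{internal}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient>"
        "<NewEnabled>1</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        "<NewLeaseDuration>0</NewLeaseDuration>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )


SOAP_FAULT = (
    f'<s:Envelope xmlns:s="{SOAP_ENV}"><s:Body><s:Fault>'
    "<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
    "</s:Fault></s:Body></s:Envelope>"
)

# Constructed sample table: two XBox mappings, one nobody asked for, then the fault.
SAMPLE_RESPONSES = [
    _reply(3074, "UDP", "192.168.1.20", 3074, "Xbox 360"),
    _reply(3074, "TCP", "192.168.1.20", 3074, "Xbox 360"),
    _reply(4444, "TCP", "192.168.1.35", 4444, ""),
    SOAP_FAULT,
]

# Assumed allowlist: the mappings you set up on purpose.
ALLOWLIST = {("192.168.1.20", "UDP", 3074), ("192.168.1.20", "TCP", 3074)}

if __name__ == "__main__":
    print(build_get_mapping_request(0))
    for m in audit_mappings(SAMPLE_RESPONSES, ALLOWLIST):
        print("unexpected mapping:", m)
```

Run it as-is and it reports the 4444/TCP mapping to 192.168.1.35; point the same parser at real replies from your router and anything not on the allowlist is worth a closer look, even with UPNP left on for the XBox.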

The title link is to the article on The H.

Friday, March 11, 2011

Stuxnet

I've been following the Stuxnet worm in the technical press and it is fair to say that this is probably the world's first weaponised computer worm. In a very real sense this is cyberwar.
From Bruce Schneier's excellent blog:
Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup--surely any organization that goes to all this trouble would test the thing before releasing it--and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.

Symantec's report is very thorough but somewhat long!
The best exposé on the whole subject is Steve Gibson's podcast on it:
http://media.grc.com/sn/sn-291.mp3

Friday, July 25, 2008

Malwarebytes Anti Malware

I fell foul of this particular bit of malware yesterday - Joe called me to say that a download (a new map for Garry's Mod) had scanned fine (by AVG) when it arrived but on running the installer it became evident that it had arrived with a trojan! AVG detected it but was unable to sanitise it. My other favorite antivirus (the open-source ClamAV) was the same. Panda Antivirus (which we're meant to use at work) couldn't even detect it (let alone stop the infection).
Malwarebytes Anti-Malware was the only thing to touch it.
The Internet today is full of scam sites, otherwise known as phishing sites that try to sell you products. These products can be potentially harmful to your computer. They install malware, provide false feedback about your computer, and can slow down the computer drastically. These products are known as rogue applications and come in a variety of forms - from anti-malware applications to registry cleaners and even hard drive utilities.

However - once it was removed the machine had been left pretty impotent.
  • In an attempt to stop you running the Microsoft Malicious Software Removal Tool it overwrites the ActiveX engine - try running any Software Updates without that!
  • It overwrites all of the previous System Restore points. Damn!
  • It drops browser helper objects into both IE and Firefox to ensure that you're seeing their websites forever!
These people are very clever - I'm off to re-pave a WindowsXP machine!