Wilders Security Forums  

#376
July 28th, 2011, 12:39 PM
SUPERIOR
Regular Poster
Join Date: Dec 2007
Location: Syria
Posts: 161
A Stuxnet Comeback?

Quote:
A Stuxnet Comeback?
DHS officials warn of potential for son-of-Stuxnet aimed at U.S. critical infrastructure, but security experts say it won't be quite the same

full story
__________________
Analyzing scareware, junkware, crimeware, damnware, crapware ....... and all $h!tware
#377
July 28th, 2011, 08:35 PM
J_L
Massive Poster
Join Date: Nov 2009
Posts: 4,867
Re: A Stuxnet Comeback?

Another unpatched LNK exploit, and even I'll be truly concerned.
#378
September 30th, 2011, 01:38 PM
Dermot7
Very Frequent Poster
Join Date: Dec 2009
Location: Surrey, England.
Posts: 1,912
Re: Rootkit.TmpHider

"Idaho laboratory analyzed Stuxnet computer virus" : http://www.reuters.com/article/2011/...78T08B20110930
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.
"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.
#379
November 18th, 2011, 02:26 PM
hawki
Frequent Poster
Join Date: Dec 2008
Posts: 476
Re: Rootkit.TmpHider

Suspicion in Iran that Stuxnet caused Revolutionary Guards base explosions

DEBKAfile Exclusive Report November 18, 2011, 2:29 PM (GMT+02:00)

Is the Stuxnet computer malworm back on the warpath in Iran?

Exhaustive investigations into the deadly explosion last Saturday, Nov. 12 of the Sejil-2 ballistic missile at the Revolutionary Guards (IRGC) Alghadir base point increasingly to a technical fault originating in the computer system controlling the missile and not the missile itself. The head of Iran's ballistic missile program Maj. Gen. Hassan Moghaddam was among the 36 officers killed in the blast which rocked Tehran 46 kilometers away.
(Tehran reported 17 deaths although 36 funerals took place.)

Since the disaster, experts have run tests on missiles of the same type as Sejil 2 and on their launching mechanisms.

debkafile's military and Iranian sources disclose three pieces of information coming out of the early IRGC probe:
1. Maj. Gen. Moghaddam had gathered Iran's top missile experts around the Sejil 2 to show them a new type of warhead which could also carry a nuclear payload. No experiment was planned. The experts were shown the new device and asked for their comments.
2. Moghaddam presented the new warhead through a computer simulation attached to the missile. His presentation was watched on a big screen. The missile exploded upon an order from the computer.

The warhead blew first; the solid fuel in its engines next, so explaining the two consecutive bangs across Tehran and the early impression of two explosions, the first more powerful than the second, occurring at the huge 52 sq. kilometer complex of Alghadir.

3. Because none of the missile experts survived and all the equipment and structures were pulverized within a half-kilometer radius of the explosion, the investigators had no witnesses and hardly any physical evidence to work from.

Iranian intelligence heads entertain two initial theories to account for the sudden calamity: a) that a Western intelligence service or the Israeli Mossad managed to plant a technician among the missile program's personnel and he signaled the computer to order the missile to explode; or b), a theory which they find more plausible, that the computer controlling the missile was infected with the Stuxnet virus which misdirected the missile into blowing without anyone present noticing anything amiss until it was too late.

It is the second theory which has got Iran's leaders really worried because it means that, in the middle of spiraling tension with the United States and Israel or their nuclear weapons program, their entire Shahab 3 and Sejil 2 ballistic missile arsenal is infected and out of commission until minute tests are completed. Western intelligence sources told debkafile that Iran's supreme armed forces chief Gen. Hassan Firouz-Abadi was playing for time when he announced this week that the explosion had "only delayed by two weeks the manufacturing of an experimental product by the Revolutionary Guards which could be a strong fist in the face of arrogance (the United States) and the occupying regime (Israel)."

Iran needs time to thoroughly investigate the causes of the fatal explosion and convince everyone that the computer systems controlling its missiles of the Stuxnet malworm will be cleansed and running in no time just like the Natanz uranium enrichment installation and Bushehr atomic reactor which were decontaminated between June and September 2010.

If indeed Stuxnet is back, the cleanup this time would take several months, according to Western experts - certainly longer than the two weeks estimated by Gen. Firouz-Abadi.

Those experts also rebut the contention of certain Western and Russian computer pros that Stuxnet and another virus called Duqu are linked.

The head of Iran's civil defense program Gholamreza Jalali said this week that the fight against Duqu is "in its initial phase" and the final report "which says which organizations the virus has spread to and what its impacts are has not been complete yet. All the organizations and centers that could be susceptible to being contaminated are under control."

http://www.debka.com/article/21496/
#380
November 29th, 2011, 08:20 PM
trismegistos
Frequent Poster
Join Date: Jan 2009
Posts: 365
Re: A Stuxnet Comeback?

Quote:
Originally Posted by J_L
Another unpatched LNK exploit, and even I'll be truly concerned.
It is a Vulnerability in TrueType font parsing which could allow elevation of privileges and arbitrary code execution...

-http://technet.microsoft.com/en-us/security/advisory/2639658
__________________
-http://www.veteranstoday.com/author/henderson/
-http://www.veteranstoday.com/2013/03/04/the-911-illusion-patsies-beneficiaries/

Last edited by trismegistos : November 29th, 2011 at 08:37 PM.
#381
December 11th, 2011, 11:58 AM
Dermot7
Very Frequent Poster
Join Date: Dec 2009
Location: Surrey, England.
Posts: 1,912
Re: Rootkit.TmpHider

Quote:
The exact shape of an IR-1 cascade was not publicly known but was computed in approximation by Alexander Glaser from Princeton, based on revelations of a talkative Gholam-Reza Aqazadeh who let the world know that Iran used to group their IR-1 cascades into fifteen stages. From the IR-1 cascade structure computed by Alex we were able to link Stuxnet’s 417 attack code to Natanz – the match was simply too good to be a coincidence.

http://www.langner.com/en/2011/12/07...cascade-shape/

http://www.langner.com/en/2011/12/11...cascade-model/
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.
"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.
#382
December 12th, 2011, 06:48 AM
hawki
Frequent Poster
Join Date: Dec 2008
Posts: 476
Re: Rootkit.TmpHider

FWIW:

US claims Russia behind Stuxnet
Might not have been the US, Israel

12 Dec 2011 11:16 | by Edward Berridge | Filed in Security Symantec USA

Tinfoil hats at the ready. While many think that the US and Israel were behind the Stuxnet computer worm that hit Iran's nuclear facilities, the latest speculation is that it might have been Moscow.

Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to.

Yannakogeorgos said that the Russians could have equally carried out the attack. Apparently the Russians are not that happy about an Iranian indigenous nuclear capability even if they are helping build it.

Russia has a good reason not to want Iran to get its paws on nuclear technology. In 1995, for example, Chechen rebels planted a "dirty bomb" in Moscow's Izmailovsky Park. Nuclear material is much more secure in Russia, but if Iran develops a full-blown nuclear capability, Chechen or other violent extremist and nationalist rebels could go to Iran to buy the material.

Yannakogeorgos thinks it is better for Russia to string the Iranians along. Russian companies will make money as the Iranians keep Russian scientists and engineers in the country, who can oversee Iranian nuclear progress. But the problem is that if the Russians delay a programme on technical grounds Iran will smell a rat.

"At the same time, their involvement in the nuclear program is leverage in Russo-American negotiations," Yannakogeorgos said.

He suggested it was much better for the Russians to plant a worm with digital US-Israeli fingerprints so it would have to appear as if it were a clandestine operation by an adversary that didn't have access to the gateway entry points. Observers of the virus could alert the Iranians before full nuclear catastrophe struck.

Yannakogeorgos noted that it was a Belarusian computer security expert who "discovered" the code. But they mysteriously did not seem interested in reverse engineering the malicious code to see what it was designed to do. Symantec researchers took on that task.

If this is true, Iran fell for it. The Stuxnet attack, coupled with an assassination campaign targeting Iranian nuclear and computer scientists and various leaks suggesting covert action, all made for a compelling case of US involvement.

Meanwhile, the Iranian boffins themselves are nervous about having gear which might have a virus on board and they, not the Russians, are slowing down the development.

http://news.techeye.net/security/us-...behind-stuxnet
#383
December 12th, 2011, 02:04 PM
CloneRanger
Massive Poster
Join Date: Jan 2006
Location: Home usually
Posts: 3,930
Re: Rootkit.TmpHider

@ hawki

Thanks for the "It could have been the Ruskies" info. I hadn't considered that aspect, even though I know there are some Excellent coders etc in Russia.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
#384
January 19th, 2012, 11:25 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Rootkit.TmpHider

Stuxnet Expert: Analysis Shows Design Flaw, Not Vulnerability Sunk Siemens
#385
February 6th, 2012, 09:37 AM
Dermot7
Very Frequent Poster
Join Date: Dec 2009
Location: Surrey, England.
Posts: 1,912
Re: Rootkit.TmpHider

Quote:
Ralph Langner's Stuxnet Deep Dive is the definitive technical presentation on the PLC attack portion of Stuxnet. He did a good job of showing very technical details in a readable and logical presentation that you can follow in the video if you know something about programming and PLCs.

The main purpose of Ralph’s talk was to convince the audience with “100% certainty” that Stuxnet was designed specifically to attack the Natanz facility. He does this at least four different ways, and I have to agree there is no doubt.

http://www.digitalbond.com/2012/01/3...dive-s4-video/
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.
"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.
#386
February 15th, 2012, 04:56 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Rootkit.TmpHider

Experts say Iran has "neutralized" Stuxnet virus
#387
February 15th, 2012, 06:17 PM
CloneRanger
Massive Poster
Join Date: Jan 2006
Location: Home usually
Posts: 3,930
Re: Rootkit.TmpHider

@ MrBrian

Thanks for posting.

Now they can Lawfully continue their work, just as other sovereign countries can & do. Yellowcake sounds tasty.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
#388
February 15th, 2012, 07:23 PM
Baserk
Frequent Poster
Join Date: Apr 2008
Location: Amstelodamum
Posts: 976
Re: Rootkit.TmpHider

Those Iranians better have finally paid for the expired WinCC licenses (pic, larger pic) on which they run their sugar refineries? nuclear power plants.
No licenses, no Siemens customer support...
I wonder what the current UN inspection team will be taking pics of.
__________________
ROMANES EUNT DOMUS
#389
March 4th, 2012, 07:59 PM
Dermot7
Very Frequent Poster
Join Date: Dec 2009
Location: Surrey, England.
Posts: 1,912
Re: Rootkit.TmpHider

Quote:
(CBS News) The most pernicious computer virus ever known wasn't out to steal your money, identity, or passwords. So what was the intricate Stuxnet virus after? Its target appears to have been the centrifuges in a top secret Iranian nuclear facility. Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure -- such as nuclear power plants or water systems? What kind of risk do we face in this country? Steve Kroft reports.

The following script is from "Stuxnet" which aired on March 4, 2012. Steve Kroft is the correspondent. Graham Messick, producer.

http://www.cbsnews.com/8301-18560_16...ra-of-warfare/
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.
"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.
#390
June 2nd, 2012, 08:02 PM
Dermot7
Very Frequent Poster
Join Date: Dec 2009
Location: Surrey, England.
Posts: 1,912
Re: Rootkit.TmpHider

Quote:
This paper compares the results of the most well-known security products for detecting Stuxnet malware and for locating infecting or suspicious files that contain Stuxnet. Section II describes the conditions of our test methodology: choosing products, their settings, using virtual machine, etc. Section III lists the included products and their versions. Section IV presents the results of each product for seven infected projects and their comparison with each other. Finally, Section V presents a summary of our conclusions.

http://www.controlglobal.com/article...nian-view.html
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.
"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.