Discussion in 'malware problems & news' started by sergey ulasen, Jul 12, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Interesting they only say "impede"

    Seems like the Sality gang did waste time, and launched the latest nasties after the patch was released :D I suppose they are "Banking" on some people not being updated, as indeed they won't be :(
  2. MrBrian

    MrBrian Registered Member

    From Stuxnet could hijack power plants, refineries:
  3. CloneRanger

    CloneRanger Registered Member

  4. Malcontent

    Malcontent Registered Member

    Stuxnet: Dissecting the Worm

  5. CloneRanger

    CloneRanger Registered Member

    False SCADA attack from 2009 turns into Real ones over a year later. I wonder if the Stuxnet coders got the idea from this ?

    The video is funny -
  6. MrBrian

    MrBrian Registered Member

    From Stuxnet attackers used 4 Windows zero-day exploits:
  7. CloneRanger

    CloneRanger Registered Member

    @ MrBrian

    Thanks for the update :thumb:

    So it's a lot worse than we initially realised, and 2 critical holes still wide open :eek: I expect other nasties will try and make use of them soon, if they haven't already.
  8. CloneRanger

    CloneRanger Registered Member

    Stuxnet revelations

    Sounds and looks like we are getting closer to discovering a lot more about the what/who/why and Stuxnet :eek:

    Secret agents, double agents, espionage, war by proxy etc etc. And it's not exactly a surprise to find out who the baddies are behind all of this :thumbd: Amazed yes at their continued illegal activities both where they live and around the world, but not surprised. It'll be very interesting to see what the rest of the world's governments have to say about it, and "IF" they even propose ANY condemnation etc, let alone any punishment/sanctions.

    I posted earlier about the fact that the Iranians had discovered this malware in their SCADA systems.

    Latest Siemens update is now 15 systems infected worldwide - http://support.automation.siemens.c...lib.csinfo&lang=en&objid=43876783&caller=view

  9. MrBrian

    MrBrian Registered Member

  10. aigle

    aigle Registered Member

    Just a wild idea in my mind since I read about this malware. Doesn't the .lnk exploit seem like a back door intentionally left by MS and somehow revealed open to the world?
  11. CloneRanger

    CloneRanger Registered Member

    @ aigle

    Not so wild, but will we ever know for sure ? At least we have that vector blocked now ;) Funny, sometimes good things can come from malware :D


    The plot thickens

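The .lnk vector that aigle and CloneRanger discuss above is the Windows shortcut parsing flaw Microsoft closed with MS10-046 (CVE-2010-2568): a shortcut whose target ID list names a Control Panel item makes shell32 load an attacker-chosen DLL just to render the icon, so merely browsing a folder or USB stick is enough. The Python below is an added example, not code from this thread or from any of the linked articles. It parses the fixed ShellLinkHeader and the LinkTargetIDList of a .lnk file and flags the combination of the Control Panel folder CLSID and a UTF-16 path ending in .dll or .cpl. The two sample shortcuts it builds are constructed here with simplified ItemID payloads (the heuristic only looks at raw bytes, so the exact on-disk item layout does not matter), and the heuristic itself is an assumption of this example, not a published signature.

```python
from __future__ import annotations

import struct
import uuid

# Fixed-size ShellLinkHeader (0x4C bytes) per the MS-SHLLINK layout:
# HeaderSize(4) LinkCLSID(16) LinkFlags(4) FileAttributes(4)
# three FILETIMEs(24) FileSize(4) IconIndex(4) ShowCommand(4)
# HotKey(2) and 10 reserved bytes.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
HAS_LINK_TARGET_ID_LIST = 0x00000001  # LinkFlags bit A

# Shell namespace CLSIDs. The exploited .lnk names a Control Panel item
# whose "path" is the attacker's DLL; shell32 loads it to draw the icon.
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D")
MY_COMPUTER_CLSID = uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D")


def parse_id_list(data: bytes) -> list[bytes]:
    """Return the ItemID payloads of the LinkTargetIDList ([] if the
    shortcut has none). Raises ValueError on a malformed file, so a
    truncated or hostile sample fails closed instead of being skipped."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size = struct.unpack_from("<I", data, 0)[0]
    clsid = uuid.UUID(bytes_le=data[4:20])
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    if not flags & HAS_LINK_TARGET_ID_LIST:
        return []
    pos = LNK_HEADER_SIZE
    id_list_size = struct.unpack_from("<H", data, pos)[0]
    pos += 2
    end = pos + id_list_size
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    items: list[bytes] = []
    while pos + 2 <= end:
        item_size = struct.unpack_from("<H", data, pos)[0]  # includes the size field
        if item_size == 0:  # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def is_cpl_dll_lnk(data: bytes) -> bool:
    """Heuristic (assumption of this example): the ID list refers to the
    Control Panel folder AND some item carries a UTF-16 path that ends
    in .dll or .cpl. Case-insensitive on the ASCII range."""
    items = parse_id_list(data)
    names_control_panel = any(CONTROL_PANEL_CLSID.bytes_le in item for item in items)
    library_exts = (".dll".encode("utf-16-le"), ".cpl".encode("utf-16-le"))
    loads_library = any(ext in item.lower() for item in items for ext in library_exts)
    return names_control_panel and loads_library


def build_sample_lnk(items: list[bytes]) -> bytes:
    """Constructed .lnk builder: valid header with HasLinkTargetIDList set,
    every other header field zeroed, followed by the given ItemIDs."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID.bytes_le
    header += struct.pack("<I", HAS_LINK_TARGET_ID_LIST)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    body = b"".join(struct.pack("<H", len(it) + 2) + it for it in items)
    body += b"\x00\x00"  # TerminalID
    return header + struct.pack("<H", len(body)) + body


# Constructed samples; the item payload shapes are simplified, not the
# exact layout Explorer writes.
MALICIOUS_SAMPLE = build_sample_lnk([
    b"\x1f" + CONTROL_PANEL_CLSID.bytes_le,
    b"\x00" + r"\\fileserver\share\evil.DLL".encode("utf-16-le") + b"\x00\x00",
])
BENIGN_SAMPLE = build_sample_lnk([
    b"\x1f" + MY_COMPUTER_CLSID.bytes_le,
    b"\x31" + b"notepad.exe\x00",
])

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(f"{name}: {len(parse_id_list(blob))} items, flagged={is_cpl_dll_lnk(blob)}")
```

Run it over shortcuts copied off removable media or a file share and triage whatever it flags. Do the copying and scanning from a patched or non-Windows host: on an unpatched Windows box simply listing the folder in Explorer is what triggers the load.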
  12. CloneRanger

    CloneRanger Registered Member

    More confirmation :eek:

    Thanks to ratchet :thumb: for the above link from here -

    Strange ! Siemens says still only 15 :p



    The best way to eliminate ALL signs of Stuxnet on Irans system/s would be to reinstall a fresh copy of SCADA on a new HD. Then swap over to that and destroy the previous one, or even better, keep it as evidence for industrial espionage ;)
    Last edited: Sep 22, 2010
  13. culla

    culla Registered Member

    i'm completely protected under my tin foil hat :argh:
  14. ronjor

    ronjor Global Moderator
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    The direction the world is going is right on track where it should be, don't worry for it's current direction, just prepare.

    Ants are wise. The Ant doesn't listen to rumors, but continually puts extra into storage. Because the Ant learned that difficulties do come and they don't waste the energy debating when they will come. The Ant prepares.

    Cool article Ronjor.
  16. CloneRanger

    CloneRanger Registered Member

    Stuxnet C&C investigation

    I'm not sure what to make of all this, so please chip in with your thoughts etc. Remember I'm not an expert, just tried to do some background digging ;) & = = Gone & = Both still live but appear dead !

    So have the Stuxnet bad people taken over those www's by legit means, or hijacked them ? Strange that Anner, who went out of business in 2006, is listed as the owner of those www's ? & = Could not find a domain name corresponding to this IP address.

    Network Operation Center
    Zen Systems ApS
    Esromgade 15, 1 - 3. sal
    DK-2200 København N

    ISP domain: TIME.NET.MY
    Location information:
    Country: MALAYSIA is the upload channel for Stuxnet, or one of them anyway, or was.

    I got the www's from this excellent article, that ronjor :thumb: linked to.

  17. tgell

    tgell Registered Member

    Sorry if this article has already been referenced in this thread:

    Software smart bomb fired at Iranian nuclear plant: experts

  18. CloneRanger

    CloneRanger Registered Member

    Stuxnet Before the .lnk File Vulnerability

    Many more articles here -
  19. CloneRanger

    CloneRanger Registered Member
  20. Dermot7

    Dermot7 Registered Member

  21. CloneRanger

    CloneRanger Registered Member

    The availability of 4 previously unknown (at large) vulnerabilities to choose from, which Stuxnet had at its disposal, could be seen as MS backdoors, especially the .LNK one. It might be stretching it a bit/lot to say all vulnerabilities are intentional backdoors, but "some" could be, and in the past "may" have been. It's "possible" one or more of these could have been passed on to "whoever" by shush you know who !

    Fascinating reading, for those that didn't know, and maybe a reminder for those that did.


    Stuxnet goes mainstream

    Mainstream media as well as independent outlets giving Stuxnet more coverage now. Quite a number of links, and links to links from this one.

  22. noone_particular

    noone_particular Registered Member

    If that malware causes a major nuclear accident, the developer nation of that malware is guilty of mass murder of civilians and is responsible for all the environmental damage. The result would be no different than terrorists detonating a nuclear dirty bomb, with no regard for the hundreds of millions who are downwind.
  23. dw426

    dw426 Registered Member

    It isn't designed for that, clearly. It's meant to delay from what things are looking like. It may not even be working as planned, if some reports are to be believed (I would doubt these reports highly). What I'm seeing this as is, hmm, how should I put this? "Forceful diplomacy"? If sanctions don't work, and they never do, step it up a notch and make life miserable for the plant operators and staff. Oh, if anyone has the strange belief that this is just the U.S involved, wake up.
  24. hawki

    hawki Registered Member

    Stuxnet worm can re-infect scrubbed PCs

    Iran's attempts to eradicate worm could be stymied by new infection vector, says researcher

    " A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.....

    Liam O Murchu, manager of operations on Symantec's security response team and one of a handful of researchers who have been analyzing Stuxnet since its public appearance in July, said today he'd found another way that the worm spreads. According to O Murchu, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened.

    Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.

    "All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."

    Last edited: Sep 27, 2010
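O Murchu's finding quoted above means that cleaning the Windows host is not enough: a Step 7 project that still carries the injected DLL re-infects the machine the next time someone opens it, so project folders (including backups and copies on shared drives) have to be checked as well. The Python below is an added example, not code from this thread or from Siemens or Symantec. It walks a directory tree, treats every folder that holds an .s7p project file as a Step 7 project, and reports any file under it that starts with a PE (MZ) header, with its SHA-256 for matching against known-bad hashes. The rule that a project folder should contain no executable image, the folder and file names, and the sample tree it builds are all constructed for this example.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# A Step 7 project directory is recognised by its .s7p project file.
# Assumption of this example: the .s7p file is the anchor a scanner keys on.
PROJECT_MARKER = ".s7p"
PE_MAGIC = b"MZ"


def find_step7_projects(root: str | os.PathLike) -> list[Path]:
    """Return every directory under root that holds a .s7p project file."""
    projects: list[Path] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if any(name.lower().endswith(PROJECT_MARKER) for name in filenames):
            projects.append(Path(dirpath))
    return projects


def is_pe_image(path: Path) -> bool:
    """True if the file starts with the DOS 'MZ' stub, i.e. looks like a PE
    image whatever its extension (a renamed DLL is still a DLL)."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def scan_step7_projects(root: str | os.PathLike) -> list[dict[str, str]]:
    """Report PE images found inside Step 7 project directories.

    Project data (blocks, symbol tables, HMI configuration) should not
    contain executable code, so any MZ file under a project is worth a
    look. Files are reported once even if projects are nested.
    """
    findings: list[dict[str, str]] = []
    seen: set[Path] = set()
    for project_dir in find_step7_projects(root):
        for path in sorted(project_dir.rglob("*")):
            if path in seen or not path.is_file() or not is_pe_image(path):
                continue
            seen.add(path)
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            findings.append(
                {"project": str(project_dir), "file": str(path), "sha256": digest}
            )
    return findings


def build_sample_tree() -> Path:
    """Constructed sample tree: one project carrying a PE file alongside its
    block data, plus an unrelated tools folder whose DLL is out of scope."""
    root = Path(tempfile.mkdtemp(prefix="step7scan_"))
    project = root / "Plant_Line1"
    (project / "blocks").mkdir(parents=True)
    (project / "Plant_Line1.s7p").write_text("constructed project stub\n")
    (project / "blocks" / "ob1.dat").write_bytes(b"\x00\x01 block data, not a PE")
    (project / "blocks" / "project_helper.dll").write_bytes(PE_MAGIC + b"\x00" * 62)
    tools = root / "tools"
    tools.mkdir()
    (tools / "vendor.dll").write_bytes(PE_MAGIC + b"\x00" * 62)  # not in a project
    return root


if __name__ == "__main__":
    for hit in scan_step7_projects(build_sample_tree()):
        print(f"{hit['project']}: {hit['file']} sha256={hit['sha256'][:16]}...")
```

Point it at the engineering workstation's project root, the backup share and any USB sticks used to move projects between machines; a hit on a copy that was never opened on the cleaned host is exactly the re-infection path described above.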