Discussion in 'malware problems & news' started by sergey ulasen, Jul 12, 2010.
Experts: Stuxnet changed the cybersecurity landscape by Grant Gross.
New Findings On Stuxnet Worm
Courtesy of the New York Times... Some interesting conclusions.
"Then, on Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart.
In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed.
“It’s striking how close it is to the standard value,” he said."
Re: New Findings On Stuxnet Worm
Thanks for the update
Israel admits it was behind Stuxnet Virus Attack
Not really a surprise as such, but I'm surprised they've admitted it!
I can't view the link as it says you need to be a member
If anyone can provide a working link and/or post some info from it
CloneRanger, after reading that article, it "hints" that Israel was behind it, however, I see no "admission" of them being behind the attack. Excerpts:
Let's stick to the subject and not take this thread off topic by discussing politics and countries. Thanks!
If you couldn't view/read that page, how did you come to your 'conclusion' in red?
Stuxnet has a double payload
Stuxnet virus could target many industries
The second link exaggerates the likelihood of this occurring. I used to design control systems using various equipment, and in every system that I installed the control PCs were locked down to a dedicated shell, and the PLCs and control PCs were installed on a dedicated network with a firewall to any internal MIS systems or databases. Data flow was one way, from the control network to the MIS/internal network.
The same network arrangement occurred in the food, steel, nuclear, utilities, and other manufacturing industries that I worked in.
Industrial control systems have always been designed to a higher standard than a normal office network, simply because they need to be reliable 24 x 7 x 365 in some cases. Polluting a control system network with traffic from a standard office network is a big no-no.
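The boundary the post describes (control network on one side, MIS on the other, flows only initiated from the control side) can be expressed as a firewall ruleset. This is an added example, not part of the thread or anything the poster shipped; interface names, subnets, the historian address and the port are assumptions.

```nftables
# Added example: nftables ruleset on the firewall between the control/PLC
# network and the office/MIS network, enforcing one-way data flow.
# All names and addresses below are assumed for illustration.
define CTRL_IF  = "eth0"          # control/PLC network interface (assumed)
define MIS_IF   = "eth1"          # office/MIS network interface (assumed)
define CTRL_NET = 10.10.0.0/24    # control network (assumed)
define HISTORIAN = 10.20.0.5      # MIS-side database that receives process data (assumed)

table inet ctrl_boundary {
    chain forward {
        # Default deny in both directions; everything allowed is listed explicitly.
        type filter hook forward priority 0; policy drop;

        # Drop malformed/untracked packets; permit return traffic only for
        # flows that were opened (and accepted) from the control side.
        ct state invalid drop
        ct state established,related accept

        # Control -> MIS: only the process-data export to the historian,
        # only on the one port it needs (1433 assumed here).
        iifname $CTRL_IF oifname $MIS_IF ip saddr $CTRL_NET ip daddr $HISTORIAN \
            tcp dport 1433 ct state new accept

        # MIS -> control: no new connection may be initiated. Log each attempt
        # so office-side traffic reaching the control boundary is visible.
        iifname $MIS_IF oifname $CTRL_IF ct state new \
            log prefix "MIS->CTRL denied: " drop
    }
}
```

Because MIS-initiated connections are never accepted as `new`, the `established,related` rule can only ever match replies to flows the control side opened, which is what makes the policy one-way rather than merely filtered.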
OK & thanks for the quotes
I saw the link posted on another www & that's the headline it gave !
Attack code published for unpatched Stuxnet vulnerability
Exploit code for one of the still-unpatched Windows vulnerabilities used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.
The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.
It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.
UPDATE: MICROSOFT'S RESPONSE:
Attackers Must Already Have Access
“Microsoft is aware of the public posting of the details of an elevation of privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local elevation of privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.”
MORE HERE: http://www.eweekeurope.co.uk/news/exploit-code-for-stuxnets-unpatched-target-goes-public-14216
Stuxnet Redux: Questions and Answers
Stuxnet Redux: Questions and Answers F-Secure
Hmmmm... very interesting...
Merged Threads to continue the discussion on the same topic!
Never in the field of software security was so much hype achieved from so little effect.
It seems to me this is a 'celebrity' virus, which in reality has achieved nothing but headlines. All bar one of the dropper mechanisms have already been patched, and the payload was so very, very narrow in scope.
I think the reality is, this particular virus failed to achieve its goal, so why the hype?
This was intended to be as undetectable as possible, being a sort of targeted attack minus the collateral infections, with the end result of malfunctioning of certain centrifuge machines that enrich uranium, particularly in Iran, to derail its nuclear program. But it was discovered by accident, as the story goes.
It was not intended to create havoc nor for espionage nor to create a botnet nor to create an end of the world scenario nor to create notoriety for its makers.
But there is the initial concern of the theoretical possibility of a greater danger: a nuclear plant gone haywire creating greater casualties, or other industrial processes which could produce some mishap among innocent civilians. Also of the possibility that this will be reverse engineered and used by those with more malicious intent. What amazes the researchers with this malware is that it carried 4 zero-day exploits and that it is state sponsored. It's a good thing that the zero days of Stuxnet are patched already, except one. The shell32.dll vulnerability is, I think, the most important. Sort of a non-documented USB autorun. What if those vulnerabilities weren't patched and other malware would use those? Imagine the mushrooming of more malicious code wreaking havoc even on well secured systems/networks to steal trade secrets, etc., and more failures of industrial control systems causing industrial accidents and misfortunes. And not to mention cyberwarfare.
It was reported that some critical networks, like the military in certain states, were also affected by malware just because of the ubiquitous USB devices. Yes, there are still some not as prudent as you who continue to have false practices despite safety policies like forbidding connectivity between critical systems, not to mention those USBs if carried by some insiders/rogue elements or infiltrators to infect your networks/systems. Paranoia? The attack scenario was outlined in the W32.Stuxnet dossier by Symantec. It can be easily mitigated by policies and safe practices, as you have said, but there will always be a means for a determined attacker.
Report: Stuxnet code being sold on black market
Incidentally admin/admin - OSVDB
Nuclear scientist killed in Tehran was Iran's top Stuxnet expert
Prof. Majid Shahriari, who died when his car was attacked in North Tehran Monday, Nov. 29, headed the team Iran established for combating the Stuxnet virus rampaging through its nuclear and military networks.
Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by “enemies” of the state had sabotaged centrifuges used in Iran’s nuclear-enrichment program.
Stuxnet researchers cautious about Iran's admission of centrifuge issues
Art of Destruction: The Mechanics of Stuxnet
A remarkable piece of malware indeed. See a security expert's dissection of the industrially designed worm that is Stuxnet.
Merged Threads to Continue Same Topic!
Stuxnet’s Finnish-Chinese Connection
"A third important piece of the puzzle, which I’ll discuss later in this article, directly connects a Chinese antivirus company which writes their own viruses with the Stuxnet worm.
..based solely on the known facts, I consider China to be the most likely candidate for Stuxnet’s origin."
From Jeffrey Carr's 'China-scenario' article in Forbes. link
Some major updates on Stuxnet just posted on the New York Times website.
Thanks for posting this I was just about to