Stuxnet Analysis: "Same Old Thing"

Discussion in 'malware problems & news' started by Rmus, Sep 24, 2010.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Mar 16, 2005
    The quote is mine, and I've used it a number of times for many of the recent exploits, referring not to the sophistication of what the malware does after installed, but rather to the distribution process: the attack vectors. In this respect, nothing has changed.

    The recent Eset analysis (PDF file) of the Stuxnet worm (Win32/Stuxnet) is a wonderful, step by step analysis of the attack methods:

    Stuxnet Under the Microscope

    I will summarize a few of the important points, starting with page 5, where they display a graph showing the 3 stages of the infection process, which are:

    Sound familiar?

    Then, pages 21ff describe the infection process. This is the first vulnerability discussed, the LNK exploit:

    Well, the malware DLL may not be executed, of course, depending on the client-side security set up, and this has been discussed already in other threads, showing how easy it is to block this attack with many solutions available today.

    The next part of the Eset analysis describes in detail the four attack vectors. Following that, readers interested just in preventative measures can stop reading, because it is evident what protective measures are needed!

    Unfortunately, most articles on these types of exploits, especially in the mainstream media, do not provide this pertinent information, and we are left to forge around for details.

    I wish something like this could have been published earlier on!

    The paper continues with a detailed analysis of how the malware works once installed, which makes for very interesting reading indeed!

    NOTE: The Eset Analysis is linked in the article posted by ronjor here:

  2. Boyfriend

    Boyfriend Registered Member

    Jun 7, 2010
    Thanks Rmus for info. Currently reading it throughly...
  3. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006
    Yes the ESET article is very good :thumb:

    We agree about the prevention techniques/apps that have been available for years, and now there are even more of them. Quite why industry/companies large & small hasn't made use of them in droves by now is very strange. Maybe they aren't aware of them ? It's about time they were, especially these days with tens of thousands of nasty badware released Every day !

    Also we might expect critical systems to NOT be connected to the www, and have any/all possible entry vectors like USB etc sockets, sealed and/or locked, only to be made available to very limited and knowledgable personnel.

    If this was done most if not all infections/downtime/expense etc etc would be avoided.
Thread Status:
Not open for further replies.