Rootkit.TmpHider

Discussion in 'malware problems & news' started by sergey ulasen, Jul 12, 2010.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Re: A Stuxnet Comeback?

    Another unpatched LNK exploit, and even I'll be truly concerned.
     
  2. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Suspicion in Iran that Stuxnet caused Revolutionary Guards base explosions

    DEBKAfile Exclusive Report November 18, 2011, 2:29 PM (GMT+02:00)


    Is the Stuxnet computer malworm back on the warpath in Iran?

    Exhaustive investigations into the deadly explosion last Saturday, Nov. 12 of the Sejil-2 ballistic missile at the Revolutionary Guards (IRGC) Alghadir base point increasingly to a technical fault originating in the computer system controlling the missile and not the missile itself. The head of Iran's ballistic missile program Maj. Gen. Hassan Moghaddam was among the 36 officers killed in the blast which rocked Tehran 46 kilometers away.
    (Tehran reported 17 deaths although 36 funerals took place.)

    Since the disaster, experts have run tests on missiles of the same type as Sejil 2 and on their launching mechanisms.

    debkafile's military and Iranian sources disclose three pieces of information coming out of the early IRGC probe:
    1. Maj. Gen. Moghaddam had gathered Iran's top missile experts around the Sejil 2 to show them a new type of warhead which could also carry a nuclear payload. No experiment was planned. The experts were shown the new device and asked for their comments.
    2. Moghaddam presented the new warhead through a computer simulation attached to the missile. His presentation was watched on a big screen. The missile exploded upon an order from the computer.

    The warhead blew first; the solid fuel in its engines next, so explaining the two consecutive bangs across Tehran and the early impression of two explosions, the first more powerful than the second, occurring at the huge 52 sq. kilometer complex of Alghadir.


    3. Because none of the missile experts survived and all the equipment and structures pulverized within a half-kilometer radius of the explosion, the investigators had no witnesses and hardly any physical evidence to work from.

    Iranian intelligence heads entertain two initial theories to account for the sudden calamity: a) that Western intelligence service or the Israeli Mossad managed to plant a technician among the missile program's personnel and he signaled the computer to order the missile to explode; or b), a theory which they find more plausible, that the computer controlling the missile was infected with the Stuxnet virus which misdirected the missile into blowing without anyone present noticing anything amiss until it was too late.

    It is the second theory which has got Iran's leaders really worried because it means that, in the middle of spiraling tension with the United States and Israel or their nuclear weapons program, their entire Shahab 3 and Sejil 2 ballistic missile arsenal is infected and out of commission until minute tests are completed. Western intelligence sources told debkafile that Iran's supreme armed forces chief Gen. Hassan Firouz-Abadi was playing for time when he announced this week that the explosion had "only delayed by two weeks the manufacturing of an experimental product by the Revolutionary Guards which could be a strong fist in the face of arrogance (the United States) and the occupying regime (Israel)."

    Iran needs time to thoroughly investigate the causes of the fatal explosion and convince everyone that the computer systems controlling its missiles of the Stuxnet malworm will be cleansed and running in no time just like the Natanz uranium enrichment installation and Bushehr atomic reactor which were decontaminated between June and September 2010.

    If indeed Stuxnet is back, the cleanup this time would take several months, according to Western experts - certainly longer than the two weeks estimated by Gen. Firouz-Abadi.

    Those experts also rebut the contention of certain Western and Russian computer pros that Stuxnet and another virus called Duqu are linked.

    The head of Iran's civil defense program Gholamreza Jalali said this week that the fight against Duqu is "in its initial phase" and the final report "which says which organizations the virus has spread to and what its impacts are has not been complete yet. All the organizations and centers that could be susceptible to being contaminated are under control."



    http://www.debka.com/article/21496/
     
  4. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Re: A Stuxnet Comeback?

    It is a Vulnerability in TrueType font parsing which could allow elevation of privileges and arbitrary code execution...

    [​IMG]

    -http://technet.microsoft.com/en-us/security/advisory/2639658
     
    Last edited: Nov 29, 2011
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.langner.com/en/2011/12/07/the-prez-shows-his-cascade-shape/

    http://www.langner.com/en/2011/12/11/an-accurate-ir-1-cascade-model/
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    FWIW:

    US claims Russia behind Stuxnet
    Might not have been the US, Israel

    12 Dec 2011 11:16 | by Edward Berridge | Filed in Security Symantec USA


    US claims Russia behind Stuxnet -

    Tinfoil hats at the ready. While many think that the US and Israel were behind the Stuxnet computer worm that hit Iran's nuclear facilities, the latest speculation is that it might have been Moscow.

    Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to.

    Yannakogeorgos said that the Russians could have equally carried out the attack. Apparenly the Russians are not that happy about an Iranian indigenous nuclear capability even if they are helping build it.

    Russia has a good reason not to want Iran to get its paws on nuclear technology. In 1995, for example, Chechen rebels planted a "dirty bomb" in Moscow's Izmailovsky Park. Nuclear material is much more secure in Russia but if Iran develops a full-blown nuclear capability, Chechen or other violent extremist and nationalist rebels go to Iran to buy the material.

    Yannakogeorgos thinks it is better for Russia to string the Iranians along. Russian companies will make money as the Iranians keep Russian scientists and engineers in the country, who can oversee Iranian nuclear progress. But the problem is that if the Russians delay a programme on technical grounds Iran will smell a rat.

    "At the same time, their involvement in the nuclear program is leverage in Russo-American negotiations," Yannakogeorgos said.

    He suggested it was much better for the Russians to plant a worm with digital US-Israeli fingerprints so it would have to appear as if it were a clandestine operation by an adversary that didn't have access to the gateway entry points. Observers of the virus could alert the Iranians before full nuclear catastrophe struck.

    Yannakogeorgos noted that it was a Belarusian computer security expert who "discovered" the code. But they mysteriously did not seem interested in reverse engineering the malicious code to see what it was designed to do. Symantec researchers took on that task.

    If this is true, Iran fell for it. The Stuxnet attack, coupled with an assassination campaign targeting Iranian nuclear and computer scientists and various leaks suggesting covert action, all made for a compelling case of US involvement.

    Meanwhile, the Iranian boffins themselves are nervous about having gear which might have a virus on board and they, not the Russians are slowing down the development.



    http://news.techeye.net/security/us-claims-russia-behind-stuxnet
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ hawki

    Thanks for the, "It could have been the Ruskies" info. :thumb: I hadn't considered that aspect, even though i Know there are some Excellent coders etc in Russia.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.digitalbond.com/2012/01/31/langners-stuxnet-deep-dive-s4-video/
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ MrBrian

    Thanks for posting :thumb:

    Now they can Lawfully continue their work, just as other sovereign countries can & do :p Yellowcake sounds tasty :D
     
  12. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Those Iranians better have finally paid for the expired WinCC licenses (pic, larger pic) on which they run their sugar refineries? nuclear power plants.
    No licenses, no Siemens customer support...
    I wonder what the current UN inspection team will be taking pics off. :p
     
  13. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.cbsnews.com/8301-18560_162-57390124/stuxnet-computer-worm-opens-new-era-of-warfare/
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.controlglobal.com/articles/2012/stuxnet-iranian-view.html
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.