Avast WEBforum
Other => General Topics => Topic started by: polonus on September 18, 2010, 06:36:25 PM
-
Hi malware fighters,
Various AV researchers are perplexed by the organizational skills and the complexity behind the development of the Stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corporate networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half-megabyte miscreation, made up of many languages, like C, C++ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections were found there, and the attacks must have been part of a big, big project; there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them zero-days, together with legit certificates from Realtek and JMicron. About the SCADA side of the malware: "In most SCADA networks there is no logging and there is minimal protection used and the patch cycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7
polonus
-
More "The sky is falling" scareware tactics ;)
-
Hi YoKenny,
You can try to ridicule everything that we post here, but this malcreation was not the work of a lone malcreant script kiddie, nor did it come from the racks of the average cybercriminal. Stuxnet (a name derived from some of the filenames/strings in the malware: mrxcls.sys, mrxnet.sys). The names of malware also give certain clues as to where we have to look for the origins thereof ;D
This was specially crafted and directed malware for a very specific targeted purpose/project that later became more widely known and used. Stuxnet infects Windows systems in its search for industrial control systems, and probably this source is reliable enough for you? Re: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
First identified in Belarus, re: http://www.wilderssecurity.com/showthread.php?p=1712146
and having a couple of variants: http://www.symantec.com/connect/blogs/w32stuxnet-variants,
polonus
-
I now see :o
On top of all this, we've identified yet another zero-day vulnerability in Stuxnet's code, this time an Elevation of Privilege (EoP) vulnerability. The worm uses this to get complete control over the affected system. A second EoP vulnerability was identified by Microsoft personnel, and both vulnerabilities will be fixed in a security bulletin in the near future.
http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061
-
Hi YoKenny,
New interesting news about Stuxnet from Germany: http://www.langner.com/en/index.htm
Re also: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Speculations about who are behind Stuxnet: http://threatpost.com/en_us/blogs/stuxnet-attack-shows-signs-nation-state-involvement-experts-say-080410
The Windows Print Spooler hole that Stuxnet abused, was over a year old before it was patched by MS last week,
polonus
-
Hi malware fighters,
New interesting reads speculating about the target of Stuxnet and the way Stuxnet worked: http://frank.geekheim.de/?p=1189 http://www.symantec.com/connect/ja/blogs/exploring-stuxnet-s-plc-infection-process
polonus
-
Do they have computers in Iran? It's like sitting at a PC and trying to avoid bombs ;D
-
Hi malware fighters,
Various AV researchers are perplexed by the organizational skills and the complexity behind the development of the Stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corporate networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half-megabyte miscreation, made up of many languages, like C, C++ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections were found there, and the attacks must have been part of a big, big project; there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them zero-days, together with legit certificates from Realtek and JMicron. About the SCADA side of the malware: "In most SCADA networks there is no logging and there is minimal protection used and the patch cycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7
polonus
Another re-written article... At least here you gave the link, but that didn't prevent you from posting the content as if it were from you, again, without quoting anything, as usual ::) >>>> The link here is no reference; it's the original content, ripped off and reposted (and most likely mixed with another "found" article that you didn't mention).
-
Thanks for the info. polonus.
-
(http://www.microsoft.com/security/portal/blog-images/stuxnet-saturation-2010-07-16.png)
Stuxnet a precision, military-grade cyber missile
http://www.earlytoday.co.nr/
http://www.nytimes.com/external/idg/2010/09/25/25idg-iran-confirms-massive-stuxnet-infection-of-industria-45754.html