Author Topic: Is Stuxnet worm the most innovative ever?  (Read 7310 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Is Stuxnet worm the most innovative ever?
« on: September 18, 2010, 06:36:25 PM »
Hi malware fighters,

Various av researchers are perplexed by the organizational skills and the complexity behind the development of stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corp. networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half megabyte miscreation made up of many languages, like C, C+ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections took place there, and the attacks must have been part of a big, big project, there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them are zero-days, together with legit certifications from Realtek and JMicron. About the SCADA-site of the malware: "In most SCADA-networks there is no logging and there is minimal protection used and the patch cycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

YoKenny

  • Guest
Re: Is Stuxnet worm the most innovative ever?
« Reply #1 on: September 18, 2010, 07:32:22 PM »
More The sky is falling scareware tactics ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #2 on: September 18, 2010, 11:23:26 PM »
Hi YoKenny,

You can try to ridicule everything that we post here, but this malcreation was not the work of a lone malcreant script kiddie or came from the racks of the average cybercriminal. Stuxnet (a name derived from some of the filename/strings in the malware - mrxcls.sys, mrxnet.sys). The names of malware also give certain clues for where we have to look for the origins thereof  ;D

 This was specially crafted and directed malware for a very specific targeted purpose/project that later became more widely known and used. Stuxnet infects Windows systems in its search for industrial control systems, and probably this source is reliable enough for you? Re: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
First identified in Belarus, re: http://www.wilderssecurity.com/showthread.php?p=1712146
and having a couple of variants: http://www.symantec.com/connect/blogs/w32stuxnet-variants,

polonus
« Last Edit: September 19, 2010, 12:58:53 AM by polonus »

YoKenny

  • Guest
Re: Is Stuxnet worm the most innovative ever?
« Reply #3 on: September 19, 2010, 02:01:33 AM »
I now see :o
Quote
On top of all this, we've identified yet another zero-day vulnerability in Stuxnet's code, this time an Elevation of Privilege (EoP) vulnerability. The worm uses this to get complete control over the affected system. A second EoP vulnerability was identified by Microsoft personnel, and both vulnerabilities will be fixed in a security bulletin in the near future.
http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #4 on: September 20, 2010, 09:22:24 PM »
Hi YoKenny,

New interesting news about Stuxnet from Germany: http://www.langner.com/en/index.htm
Re also: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Speculations about who are behind Stuxnet: http://threatpost.com/en_us/blogs/stuxnet-attack-shows-signs-nation-state-involvement-experts-say-080410
The Windows Print Spooler hole that Stuxnet abused was over a year old before it was patched by MS last week.


polonus
« Last Edit: September 20, 2010, 09:27:40 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #5 on: September 22, 2010, 10:11:37 PM »
Hi malware fighters,

New interesting reads speculating about the target of Stuxnet and the way Stuxnet worked: http://frank.geekheim.de/?p=1189 http://www.symantec.com/connect/ja/blogs/exploring-stuxnet-s-plc-infection-process

polonus

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Is Stuxnet worm the most innovative ever?
« Reply #6 on: September 22, 2010, 10:15:32 PM »
Do they have computers at Iran? It's like sitting on pc and trying to avoid bombs ;D
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Hermite15

  • Guest
Re: Is Stuxnet worm the most innovative ever?
« Reply #7 on: September 29, 2010, 12:49:52 AM »
Hi malware fighters,

Various av researchers are perplexed by the organizational skills and the complexity behind the development of stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corp. networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half megabyte miscreation made up of many languages, like C, C+ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections took place there, and the attacks must have been part of a big, big project, there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them are zero-days, together with legit certifications from Realtek and JMicron. About the SCADA-site of the malware: "In most SCADA-networks there is no logging and there is minimal protection used and the patch cycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7

polonus

another re-written article...at least here you gave the link...but that didn't prevent you from posting the content as if it was from you, again, without quoting anything as usual ::) >>>> the link here is no reference, it's the original content, ripped off and reposted (and most likely mixed with another "found" article that you didn't mention).

« Last Edit: September 29, 2010, 12:53:08 AM by Logos »

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Is Stuxnet worm the most innovative ever?
« Reply #8 on: September 29, 2010, 07:46:53 PM »
Thanks for the info. polonus.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek