Author Topic: Is Stuxnet worm the most innovative ever?  (Read 6368 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33321
  • malware fighter
Is Stuxnet worm the most innovative ever?
« on: September 18, 2010, 06:36:25 PM »
Hi malware fighters,

Various av researchers are perplexed by the organizational skills and the complexity behind the development of stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corp. networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half megabyte miscreation made up of many languages, like C, C+ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections took place there, and the attacks must have been part of a big, big project, there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them are zero-days, together with legit certifications from Realtek and JMicron. About the SCADA-site of the malware: "In most SCADA-networks there is no logging and there is minimal protection used and the patchcycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Is Stuxnet worm the most innovative ever?
« Reply #1 on: September 18, 2010, 07:32:22 PM »
More The sky is falling scareware tactics ;)
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33321
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #2 on: September 18, 2010, 11:23:26 PM »
Hi YoKenny,

You can try to ridicule everything that we post here, but this malcreation was not the work of a lone malcreant script kiddie or came from the racks of the average cybercriminal. Stuxnet (a name derived from some of the filename/strings in the malware - mrxcls.sys, mrxnet.sys). The names of malware also give certain clues for where we have to look for the origins thereof ;D

 This was specially crafted and directed malware for a very specific targeted purpose/project that later became more widely known and used. Stuxnet infects Windows systems in its search for industrial control systems, and probably this source is reliable enough for you? Re: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
First identified in Belarus, re: http://www.wilderssecurity.com/showthread.php?p=1712146
and having a couple of variants: http://www.symantec.com/connect/blogs/w32stuxnet-variants,

polonus
« Last Edit: September 19, 2010, 12:58:53 AM by polonus »

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Is Stuxnet worm the most innovative ever?
« Reply #3 on: September 19, 2010, 02:01:33 AM »
I now see :o
Quote
On top of all this, we've identified yet another zero-day vulnerability in Stuxnet's code, this time an Elevation of Privilege (EoP) vulnerability. The worm uses this to get complete control over the affected system. A second EoP vulnerability was identified by Microsoft personnel, and both vulnerabilities will be fixed in a security bulletin in the near future.
http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33321
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #4 on: September 20, 2010, 09:22:24 PM »
Hi YoKenny,

New interesting news about Stuxnet from Germany: http://www.langner.com/en/index.htm
Re also: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Speculations about who are behind Stuxnet: http://threatpost.com/en_us/blogs/stuxnet-attack-shows-signs-nation-state-involvement-experts-say-080410
The Windows Print Spooler hole that Stuxnet abused was over a year old before it was patched by MS last week.

polonus
« Last Edit: September 20, 2010, 09:27:40 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33321
  • malware fighter
Re: Is Stuxnet worm the most innovative ever?
« Reply #5 on: September 22, 2010, 10:11:37 PM »
Hi malware fighters,

New interesting reads speculating about the target of Stuxnet and the way Stuxnet worked: http://frank.geekheim.de/?p=1189 http://www.symantec.com/connect/ja/blogs/exploring-stuxnet-s-plc-infection-process

polonus

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1053
  • Proud Community Member&Helper.
Re: Is Stuxnet worm the most innovative ever?
« Reply #6 on: September 22, 2010, 10:15:32 PM »
Do they have computers at Iran? It's like sitting on PC and trying to avoid bombs ;D
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: Is Stuxnet worm the most innovative ever?
« Reply #7 on: September 29, 2010, 12:49:52 AM »
Quote
Hi malware fighters,

Various av researchers are perplexed by the organizational skills and the complexity behind the development of stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corp. networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half megabyte miscreation made up of many languages, like C, C+ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections took place there, and the attacks must have been part of a big, big project, there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them are zero-days, together with legit certifications from Realtek and JMicron. About the SCADA-site of the malware: "In most SCADA-networks there is no logging and there is minimal protection used and the patchcycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7

polonus

another re-written article...at least here you gave the link...but that didn't prevent you from posting the content as if it was from you, again, without quoting anything as usual ::) >>>> the link here is no reference, it's the original content, ripped off and reposted (and most likely mixed with another "found" article that you didn't mention).

« Last Edit: September 29, 2010, 12:53:08 AM by Logos »
w7 - ais7

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Is Stuxnet worm the most innovative ever?
« Reply #8 on: September 29, 2010, 07:46:53 PM »
Thanks for the info. polonus.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek