Analysis of the Stuxnet Worm

Started by baltoro, May 23, 2011, 11:42:02 PM

baltoro

You guys will find this video discussion fascinating: Cracking Stuxnet, a 21st-Century Cyber Weapon
The speaker is: Ralph Langner, a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware. He tells us who he thinks actually engineered it. :eek
...Also, there is a long article in Vanity Fair magazine: A Declaration of Cyber-War, April 2011,...all about the Stuxnet Worm, and its political effects.
Baltoro

hutch--

Thanks for the link, a very interesting guy.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Magnum

I saw a show this week on Stuxnet.

It was written to specifically attack a Siemens board used in a nuclear centrifuge.

It was used to cause the Iran nuclear centrifuge to operate at full speed which wrecked it.

They think it got in the computer system via a USB thumbdrive.  :U



Have a great day,
                         Andy

dedndave

yes - that was an interesting video
i really like the way he ensures his own job security, too   :U
at the end, he mentions that there are many targets in US, Canada, Australia, Japan
i can see where he would like to take the wife and kids over the next few years

but, it sounds like he could use a good EE on board
they could have easily emulated the presence of a centrifuge
i'd help him out, but i'd like to travel to Europe - lol
Rome, Greece, Venice....

shankle

Funny, I was under the impression that engineers were an affluent bunch.
Guess I'll have to rethink that Dave. :bg
The greatest crime in my country is our Congress

dedndave

if that were true, i would have already been to Rome, Greece, and Venice, Jack - lol

ragdog

The article in Wiki is better
http://en.wikipedia.org/wiki/Stuxnet

Kaspersky says about Stuxnet:
"now it is a new era of cyber-wars and cyber-terrorism"

dedndave

whoop-de-frickin-do
the first significant case of dropping code for one platform from a different platform,
and you'd think they invented a replacement for the wheel

hutch--

I am old enough to remember code that was picked up from a Win2000 server by MIPS processor servers and used to spread the code back to Win2000 servers only. Stuxnet may be new and exciting but cross hardware transfer of malicious data has been done long ago.

baltoro

Baltoro

hutch--

The Symantec article is very comprehensive albeit a bit long to read. There is still a viable solution for solving the problem, a disk image of known origin that is completely free of any infection that overwrites the boot drive. I have occasionally had to clean up a worm or rootkit and if you track changes on a computer well enough you catch it early enough to stop most of the damage. Delete out what you can find and you usually break the propagation method but are left with any mess it made on the way in.

You tend to do this mainly for the practice as once you have worked out what has happened and what can be done to stop the next one, you overwrite the entire partition with a clean disk image and the problem is completely solved.

dedndave

seems to me that the code they load into the controller could be verified prior to execution
a simple hash sum could be used, for example
the guy that originates the code has a clean copy - DOH !

this is basic stuff
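
Added example, not part of the post above and not code from any vendor: one way to do the hash check dedndave describes, comparing each code block about to be loaded against SHA-256 digests the originator computed from the clean copy. The block names, byte strings and function names are constructed for illustration.

```python
import hashlib
import hmac


def digest(code: bytes) -> str:
    """SHA-256 of one code block, as a hex string."""
    return hashlib.sha256(code).hexdigest()


def build_manifest(clean_blocks: dict) -> dict:
    """Run by the originator on the clean copy: block name -> digest."""
    return {name: digest(code) for name, code in clean_blocks.items()}


def verify_before_load(manifest: dict, candidate_blocks: dict) -> dict:
    """Classify every block as ok, modified, unlisted or missing."""
    verdicts = {}
    for name, code in candidate_blocks.items():
        expected = manifest.get(name)
        if expected is None:
            # A block the originator never shipped.
            verdicts[name] = "unlisted"
        elif hmac.compare_digest(expected, digest(code)):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "modified"
    for name in manifest:
        if name not in candidate_blocks:
            # A block the originator shipped that is absent from the load.
            verdicts[name] = "missing"
    return verdicts


def safe_to_load(verdicts: dict) -> bool:
    """Refuse the load unless every block matched the clean copy."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


# Constructed sample data: a clean copy and a tampered load set.
CLEAN = {"OB1": b"main cycle v1", "FC10": b"speed control v1"}
MANIFEST = build_manifest(CLEAN)
CANDIDATE = {
    "OB1": b"main cycle v1",
    "FC10": b"speed control v1 + extra",  # altered block
    "FC99": b"not from originator",       # added block
}

if __name__ == "__main__":
    print(verify_before_load(MANIFEST, CANDIDATE))
```

The check only helps if the manifest and the comparison live somewhere the possibly infected workstation cannot alter.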

vanjast

I've had my family using my PC on and off for about a year now, and frequently discovered USB 'viruses' and things, attaching themselves to my PC.
I'm using a combination of RogueKiller, and ProcessTracker/Killer plus some admin rights to block this lot ( I only used single user (ME) with admin rights  :clap: )
The funny thing is that I never had this until the family got 'PC literate'  :bg.

The interesting thing about this one 'bug' is that it always changed its name in the registry.. but its signature was its filesize (always 156K).
A clever little thing... so I'm busy decoding it with OllyDeRox.

Anyway I overdid the security thing and blew my system to pieces (my fault - bit rusty on PC admin  :green2), but now I'm back up and made a 'home network' on my PC for the family users 'locked in chains'. I managed to save all my stuff, except for my emails - still looking for this stuff.. it's here somewhere  :wink

Astro

Am I the only one that goes OH MY GOD NOT THIS LOAD OF BALONEY AGAIN every time they read the word "Stuxnet"?

Kudos to whoever propelled it into the realm of most over-hyped piece of software ever.  ::) ::) ::)

So... code from one computer spread to another to do damage. Where is the news in this?

I couldn't stop laughing when Symantec wrote a brief saying how it spread to 50 million computers on the internet and how we should all be mega-concerned. Uhhh - who the F**K has a centrifuge connected to their computer? Are people so dumb as to miss the fact the internet aspect was to simply hide where the virus originated? It's called FOG OF WAR, and the foggier it was for the attackers, the better.