Monday, September 27, 2010

Stuxnet worm

For a few days now I've been reading everything I can find about this newly discovered worm called Stuxnet.
This malware is something never seen before: it uses 2 valid code-signing certificates, one belonging to Realtek
and the other to JMicron, and also uses 4 Windows 0-day exploits, all of this in order to
attack Siemens SCADA (supervisory control and data acquisition) systems, which means it
was designed to attack industrial control systems.

The number of 0-days used, the software complexity and the extremely specific targets selected
suggest that someone with tons of money was involved and that this is the product of team work,
and the fact that the most heavily infected country is Iran suggests that it was created to attack
Iran's nuclear energy plants. And it seems it succeeded, as Iran confirmed that computers from the
Bushehr nuclear power plant were infected.

Maybe this was created by a Tiger Team from the US or Israel?

The guys from ESET wrote a really nice white paper explaining Stuxnet's inner workings; you can
get a copy from HERE. People from Symantec also wrote about the PLC infection process, which you
can read HERE.

Symantec's guys also plan to present a paper at the Virus Bulletin conference, to be held in
Vancouver this September 29th, called "An in-depth look into Stuxnet", which supposedly will
reveal more details about this fascinating malware.
