Cid_MCDP 0 Posted September 25, 2010

Interesting read- http://www.computerworld.com/s/article/918...mp;pageNumber=1

Long story short, it's a super-complex virus that, upon infecting the target, uses several day-zero Microsoft exploits to try and gain control of industrial controls software running on the target PC to change instructions in those programs, resulting in real-world damage. Its main target appeared to be Iranian in nature and some of the top anti-virus gurus think it's way too good to have been produced by a private group.
Asprilla 96 Posted September 25, 2010

I read about this the other day but I got part of the way into the article and then I stopped understanding it so I closed the tab.
Happy Face 29 Posted September 25, 2010

Modern equivalent of smallpox on a blanket?
Cid_MCDP 0 Posted September 25, 2010 (edited)

Can't say it's groundbreaking myself. Malware/worms have exploited holes for years; yes, they tended to only aim for one or two, but these were times when implementing some of them might catch you a file size of 1mb, which back in the day was noticeable. Not so much now.

Operating systems being totally "plug n play" makes it much, much easier to keep sizes down and support high. Everyone wants it easy, so everything now is included for you; a PC has to be able to cope with every possible thing the modern home might want to do or stick in it. Back then, if you wanted to lob in some sort of client/server setup or something with features, you needed the runtime libraries to make it happen, because your host just might not have them installed and you needed them to use functions that were outside of the basic assembly. Now with .net and all the advanced online capabilities it's considerably easier, and with everyone on broadband filesize doesn't matter as much...and it'll always spread quicker.

From TFA-

"I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.

"Using four zero-days, that's really, really crazy," said Symantec's O Murchu. "We've never seen that before."

Neither has Kaspersky, said Schouwenberg.

But the Stuxnet wonders didn't stop there. The worm also exploited a Windows bug patched in 2008 with Microsoft's MS08-067 update. That bug was the same vulnerability used to devastating effect by the notorious Conficker worm in late 2008 and early 2009 to infect millions of machines.

Once within a network -- initially delivered via an infected USB device -- Stuxnet used the EoP vulnerabilities to gain administrative access to other PCs, sought out systems running the WinCC and PCS 7 SCADA management programs, hijacked them by exploiting either the print spooler or MS08-067 bugs, then tried the default Siemens passwords to commandeer the SCADA software.

They could then reprogram the so-called PLC (programmable logic control) software to give machinery new instructions.

On top of all that, the attack code seemed legitimate because the people behind Stuxnet had stolen at least two signed digital certificates.

"The organization and sophistication to execute the entire package is extremely impressive," said Schouwenberg. "Whoever is behind this was on a mission to get into whatever company or companies they were targeting."

"Someone had to sit down and say, 'I want to be able to control something on the factory floor, I want it to spread quietly, I need to have several zero-days,'" O Murchu continued. "And then pull together all these resources. It was a big, big project."

Edited September 25, 2010 by Cid_MCDP
Phil 6 Posted September 25, 2010

Anti-virus companies scare scaremongering.
Cid_MCDP 0 Posted September 26, 2010

Anti-virus companies scare scaremongering.

Sorted.
Phil 6 Posted September 26, 2010

Auto running a .lnk file via file browsing is interesting. Quite a lot of the non-scene torrents include a .lnk file. Microsoft have removed .lnk Shell access because of this. I wonder if that'll break desktop shortcuts.

Microsoft acknowledge its existence; http://blogs.technet.com/b/mmpc/archive/20...xnet-sting.aspx

..and quietly patching the bigger issue (lnk access to Shell); http://support.microsoft.com/kb/2286198