Tuesday, October 19, 2010

Stuxnet - The Marvellous Malware

Computerworld - The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.

“The attack combines an awful lot of skills - just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”

“Based on a conditional check, original code for OB 35 is manipulated during the transmission. If the condition matches, Stuxnet injects Step7 code into OB 35 that is executed on the PLC every time that OB 35 is called,” Langner explained in a brief report.

Yet the really interesting aspect of Langner’s research is his conclusion that the attack was designed to have a short shelf life.

“Therefore, the whole attack only makes sense within a very limited timeframe…So we can conclude that the planned time of attack isn't somewhen next year. I must assume that the attack did already take place. I am also assuming that it was successful,” Langner commented.


