Stuxnet amazes me. My first tech job was (in part) installing anti-virus on every computer in the Univ KS Library system, 1989-90. MS-DOS days. I've been an avid watcher (not expert) of malware since. I've watched the Internet arrive and the embedded-computer/automation revolutions. This 20-year perspective brings me to the following conclusion.
Other than "jacking in" and other fluff, Stuxnet does pretty much exactly the kinds of things that cyberpunk sci-fi described a decade ago.
This reads like a section from a sci-fi novel. Once more reality is catching up with cyberpunk.
I'd love to know what it's supposed to do when it reaches its target. Surely the creator would have had to have some sort of blueprints for the target system to successfully set it up to create more than collateral damage.
I'm very curious about what it's supposed to do as well. I work with SCADA systems, and I can confirm that it would be difficult/impossible to tell without knowing exactly what system it's targeting. SCADA systems are often controlled by writing to "points," which typically have numeric addresses. So point 35 might control the valve position in one installation, but it could control something totally different in another. You'd need to know the layout of the targeted system to know what parameters are controlled by what points.
It said the registry key Stuxnet plants to indicate whether a system is already infected has the value 19790509. Then it said an Iranian Jewish businessman was executed on that date for spying. Also, the home directory where the virus was originally compiled was called Myrtus, which may contain another clue...
I'm not really buying this. You're making a lot of assumptions. That Iran is the target, that the number is a date, that the date refers to that particular event, etc.
The link between the word "Myrtus" and the Old Testament seems really strained. It's the name of a plant. It features prominently in Greek mythology -- maybe the Greeks did it?
Chances are that if you pick a date at random, there will be some heinous crime that the Iranian regime has committed on that day. As to Myrtus: even if we assume that whoever did this knew that myrtus = hadas, very few Israelis who aren't biblical scholars would associate the name Hadas with Queen Esther.
I would say that if this is the best we have, then it's pretty certain it's not the Israelis who did this.
"Siemens announced last year that Simatic can now also control alarm systems, access controls and doors. In theory, this could be used to gain access to top secret locations. Think Tom Cruise and Mission Impossible."
I've been reading pretty much everything I can find about Stuxnet so far, but haven't heard this before. If it's true, Stuxnet might really be living up to the hype that it's the "first malware of its kind."
I've read that there are three stolen Microsoft Authenticode certificates being used by the Stuxnet authors to sign the malware. I've used these sorts of certs myself to sign executables. They require passphrases to use. I could believe that they cracked one passphrase to use one cert, but three? All from different companies too.
While it is pretty difficult to answer what a piece of code written by a government would look like, a useful piece of information is also that the code targeted 4 different 0-day bugs [1].
If we consider previous reports on 0-day pricing [2], this alone could put the cost of the worm at over $200,000, making it more likely to have been built by a well-funded adversary.
Isn't the question better posed as whether it was funded by a government? And how did they choose whom to hire? Maybe the private armies are getting into cyberwarfare...
Wait, since when have governments been better at writing code than small groups of talented amateurs? Have I fallen through a portal into mirror-universe HN?
This is the stuff of movies, but do you think it's very wise to write this kind of software for a government? Perhaps if you can somehow stay anonymous...
I could see a lot of nefarious individuals learning from this and using it to cause tragedies for short-term gain (i.e. shorting a stock). It does seem quite stupid to open up the door on something that could cause so much harm.
Even when autorun is disabled, Windows will parse through the autorun.inf file. This should have been patched with KB967715.
U3-enabled devices have been known to override the default settings in order to emulate CD-ROM drives.
Double clicking the flash-drive icon can also force execution of binaries, but I am unsure of how that works and if it is related to the user's autorun settings or not.
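A defender-side audit for the autorun.inf behaviour discussed in this comment, added here as an illustration and not taken from the thread: it parses the standard [autorun] keys (open, shellexecute, shell, shell\verb\command) and reports which directives can launch a program and on what trigger; the sample file is constructed.

```python
# Added example (not from the thread): audit an autorun.inf for directives that
# launch programs. Keys match case-insensitively, as Windows does.
#   open / shellexecute    run when AutoRun fires
#   shell\<verb>\command   context-menu verb; the verb named by "shell=" is
#                          what double-clicking the drive icon runs
import re

# Constructed sample, not a real capture.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=setup\\launcher.exe
icon=setup\\drive.ico
label=Vacation Photos
shell=explore
shell\\explore=E&xplore
shell\\explore\\command=setup\\launcher.exe -e
UseAutoPlay=1
"""

_EXEC_KEYS = {"open", "shellexecute"}

def parse_autorun(text):
    """Key->value for the [autorun] section, keys lower-cased; last duplicate wins."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            in_section = m.group(1).strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def find_launchers(entries):
    """(trigger, key, command) for every directive that can run a program."""
    default_verb = entries.get("shell", "").lower()
    hits = []
    for key in sorted(entries):
        if key in _EXEC_KEYS:
            hits.append(("autorun", key, entries[key]))
        elif key.startswith("shell\\") and key.endswith("\\command"):
            verb = key[len("shell\\"):-len("\\command")]
            trigger = "double-click" if verb == default_verb else "context-menu"
            hits.append((trigger, key, entries[key]))
    return hits
```

Running `find_launchers(parse_autorun(open("E:/autorun.inf").read()))` on a mounted drive lists each launch directive with the action that triggers it, so a file with no open/shellexecute key but a default shell verb still shows up.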
OK, actually I do retract that. It's an excellent overview - I just didn't like the small pieces of speculation they did drop in without marking them as such ;)
njharman | 15 years ago
I flippin love living in the future.
Tichy | 15 years ago
On the other hand, if you solve the puzzle, maybe you can sell your story to Hollywood.
TrevorJ | 15 years ago
That one caught me off guard.
mh_ | 15 years ago
[1] http://en.wikipedia.org/wiki/Zero-day_attack
[2] http://weis2007.econinfosec.org/papers/29.pdf
Riesling | 15 years ago
"The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed."