Is Stuxnet worm the most innovative ever?

Hi malware fighters,

Various AV researchers are perplexed by the organizational skills and the complexity behind the development of the Stuxnet worm after having analyzed this malware. Those behind it were on a mission to break into as many corp. networks as they could and knew they weren't found out. The developers worked as a team of people of various backgrounds to create this half-megabyte miscreation made up of many languages, like C, C++ and various object-oriented languages. Iran was the main target of the worm, because 60% of infections took place there, and the attacks must have been part of a big, big project; there was even a counter on the infected pendrive used to infect. Stuxnet makes use of five exploits, four of them zero-days, together with legit certificates from Realtek and JMicron. About the SCADA side of the malware: "In most SCADA networks there is no logging and there is minimal protection used and the patch cycle is very slow. Therefore the use of MS08-067 was just right," according to Kaspersky Lab's Roel Schouwenberg, re: http://news.idg.no/cw/art.cfm?id=1A47A9A1-1A64-6A71-CE9A3AA0B72636B7

polonus

More "The sky is falling" scareware tactics :wink:

Hi YoKenny,

You can try to ridicule everything that we post here, but this malcreation was not the work of a lone malcreant script kiddie, nor did it come from the racks of the average cybercriminal. Stuxnet (a name derived from some of the filenames/strings in the malware - mrxcls.sys, mrxnet.sys). The names of malware also give certain clues for where we have to look for the origins thereof ;D

This was specially crafted and directed malware for a very specific targeted purpose/project that later became more widely known and used. Stuxnet infects Windows systems in its search for industrial control systems, and probably this source is reliable enough for you? Re: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
First identified in Belarus, re: http://www.wilderssecurity.com/showthread.php?p=1712146
and having a couple of variants: http://www.symantec.com/connect/blogs/w32stuxnet-variants

polonus

I now see :o

On top of all this, we’ve identified yet another zero-day vulnerability in Stuxnet’s code, this time an Elevation of Privilege (EoP) vulnerability. The worm uses this to get complete control over the affected system. A second EoP vulnerability was identified by Microsoft personnel, and both vulnerabilities will be fixed in a security bulletin in the near future.
http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061

Hi YoKenny,

New interesting news about Stuxnet from Germany: http://www.langner.com/en/index.htm
Re also: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Speculations about who are behind Stuxnet: http://threatpost.com/en_us/blogs/stuxnet-attack-shows-signs-nation-state-involvement-experts-say-080410
The Windows Print Spooler hole that Stuxnet abused was over a year old before it was patched by MS last week.

polonus

Hi malware fighters,

New interesting reads speculating about the target of Stuxnet and the way Stuxnet worked: http://frank.geekheim.de/?p=1189 http://www.symantec.com/connect/ja/blogs/exploring-stuxnet-s-plc-infection-process

polonus

Do they have computers in Iran? It's like sitting on a PC and trying to avoid bombs ;D

Another rewritten article... at least here you gave the link... but that didn't prevent you from posting the content as if it was from you, again, without quoting anything as usual ::slight_smile: >>>> the link here is no reference, it's the original content, ripped off and reposted (and most likely mixed with another "found" article that you didn't mention).

Thanks for the info, polonus.

http://www.microsoft.com/security/portal/blog-images/stuxnet-saturation-2010-07-16.png

Stuxnet: a precision, military-grade cyber missile

http://www.earlytoday.co.nr/

http://www.nytimes.com/external/idg/2010/09/25/25idg-iran-confirms-massive-stuxnet-infection-of-industria-45754.html