Is Stuxnet the 'best' malware ever? - ComputerWorld

veritas_libertas Member Posts: 5,746

Comments

  • Paul Boz Member Posts: 2,620
    Polymorphic worms with multiple payloads are pretty nasty. Worms get more sophisticated every day. If you think this worm is nasty you should wrap your brain around what's out there and unreported. Many of these bits of malware propagate for months before they're detected.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Netstudent Member Posts: 1,693
    I read about this today. Scary stuff. I have a feeling this one is a little more dangerous than your typical espionage attack considering the number of 0 day vectors it used to get in.

    I'm anxious to know what else will be learned about stuxnet as the security community continues to crack into the code.

    I'm not sure if I should be surprised by the vulnerabilities in Siemens' SCADA, considering the sophistication of the malware.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • L0gicB0mb508 Member Posts: 538
    Honestly, this isn't your run of the mill malware. This is basically a weapon programmed to hit a certain target. Multiple SCADA systems are infected, but they weren't attacked. It is actually fingerprinting its target. More than likely this is the work of a military organization.
    I bring nothing useful to the table...
  • Paul Boz Member Posts: 2,620
    L0gicB0mb508 wrote: »
    Honestly, this isn't your run of the mill malware. This is basically a weapon programmed to hit a certain target. Multiple SCADA systems are infected, but they weren't attacked. It is actually fingerprinting its target. More than likely this is the work of a military organization.

    I'd be willing to say that probably half of the malware on the internet is government sponsored in some way shape or form.
  • subl1m1nal Member Posts: 176
    It's probably the work of the US government or ally. Think about why the US would want to know about Iran's infrastructure facilities. We want to know how nuclear capable they are.
    Currently Working On: 70-643 - Configuring Windows Server 2008 Applications Infrastructure

    Plans for 2010: MCITP:EA and CCNA
    70-648 - Done
    70-643 - In progress
    70-647 - Still on my list
    70-680 - Still on my list

    www.coantech.com
    www.thecoans.net
    www.facebook.com/tylercoan
    www.twitter.com/tylercoan
    www.linkedin.com/users/tylercoan
  • DevilWAH Member Posts: 2,997
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    I wonder what certs they have lol
  • Unforg1ven Member Posts: 108
    Bl8ckr0uter wrote: »
    I wonder what certs they have lol

    I lol'ed
    Next on Tap>> WGU B.S. IT - Network Administration
    MCSA:2008 Complete >> Capstone left!

    ####################################
    "One of God's own prototypes... too weird to live, too rare to die..."
  • colemic Member Posts: 1,569
    This is actually something to watch closely - if it is ever determined what gov. entity is behind it, there will be consequences, not just threats of attacks... especially if it is the USA or Israel. A BBC article I read earlier said 60% of the infections worldwide were in Iran, so I would say that's a fair indicator that it was targeted at them.

    4 zero-day exploits, valid (although stolen) digital signatures, welcome to the future of warfare.
    Working on: staying alive and staying employed
  • L0gicB0mb508 Member Posts: 538
    Bl8ckr0uter wrote: »
    I wonder what certs they have lol

    Nuclear Malware+
    Cyber Weapons+
    Certified Cyber Ninja
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    L0gicB0mb508 wrote: »
    Nuclear Malware+
    Cyber Weapons+
    Certified Cyber Ninja

    On a serious note though, where do you acquire that level of skill? I mean that has to be way, way beyond what they are teaching at most schools.
  • colemic Member Posts: 1,569
    I would imagine there are a LOT of people involved in writing code that complex (I believe it was around 500K in size.) You simply take industry coding experts and then try to package it all together, I guess.

    I have no idea where they find people that have that kind of cyber ninja skills, but I would imagine the NSA has quite a few. Probably raid MIT's grade book, LOL
  • dynamik Banned Posts: 12,312
    Bl8ckr0uter wrote: »
    On a serious note though, where you acquire that level of skill? I mean that has to be way, way beyond what they are teaching at most schools.

    PENETRATION TESTING TRAINING - ONLINE @ INFOSEC INSTITUTE

    That's how I'm spending approximately 75% of my 2011 training budget. It's really not that out-of-reach.

    Start with Hacking: The Art of Exploitation (2nd) and The Shellcoder's Handbook if you're looking for a couple of books.
  • L0gicB0mb508 Member Posts: 538
    Bl8ckr0uter wrote: »
    On a serious note though, where you acquire that level of skill? I mean that has to be way, way beyond what they are teaching at most schools.

    I would say that the task is broken down into specializations. Each little team would have their hand in creation. Obviously they would need someone to know the SCADA systems extremely well, someone to actually write the exploit, and probably some crypto people involved as well. The initial reports of this seemed to think it was brought in via usb flash drives by contractors. You would obviously need some type of operator to gather intelligence on the people you are planning to use as the mule and carry out the mission of installing the code on their drives.

    This is about the worst case scenario for SCADA systems. A lot of experts touted that SCADA was not really susceptible to attacks because they should have no contact with the outside world. This attack eliminates that need and runs without any connection to the outside world.
  • L0gicB0mb508 Member Posts: 538
    Paul Boz wrote: »
    I'd be willing to say that probably half of the malware on the internet is government sponsored in some way shape or form.

    I would go along with that to a degree. This is far beyond what most are capable of though. SCADA is, however, quite frequently targeted. If you do a lot of intrusion detection work, you will see some of the more well known SCADA ports being hit pretty frequently. I doubt this method works, but they give it a go anyway.
  • DevilWAH Member Posts: 2,997
    Bl8ckr0uter wrote: »
    On a serious note though, where you acquire that level of skill? I mean that has to be way, way beyond what they are teaching at most schools.

    In your bedroom with a PC and lots of Pizza and Coke.

    All of the true experts in any field of IT are the guys who learn a little bit on courses and then have enough interest and self motivation to take that knowledge and delve into it until they completely understand it to the finest degree.

    When you talk about someone like Stephen Hawking having such deep understanding of physics, you don't ask where he acquired it all from. Because so much of what he knows is self taught and thought up. It's the same with these guys, people who know this much about stuff learn it because they are the true Nerds/Geeks of the IT security world, they live and breathe this stuff.

    Having dealt with a few pen testing guys you can tell the good ones from the poor ones. If you mention something to a good guy they haven't heard before, they come in the next day knowing it inside out and back to front because they have spent all night playing around with it.

    I don't really think this needs government funding to achieve, just a group with some money behind them and well organised. In most of these cases it is coming up with the idea and organising it that is the stumbling block, not the money involved. There are plenty of well funded, well organised non-government groups that would love to attack Iran. And who would be more than capable of carrying out something like this.

    On a side note, looking at the logs on an internet facing firewall, it is shocking to see the large number of probes and connection attempts coming in. And when you see the tools that script kiddies can get their hands on (like nmap for example) I do find it surprising there are not more serious attacks happening.
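Two posts above talk about the same thing from different angles: L0gicB0mb508 notes that well known SCADA ports get hit pretty frequently in intrusion detection work, and DevilWAH notes how many probes show up in an internet facing firewall's logs. The script below is an added example, not code from this thread or from any of the posters, showing how to turn those firewall deny logs into something actionable: count connection attempts per source against the standard ports of common industrial protocols (Modbus/TCP 502, DNP3 20000, Siemens S7/ISO-TSAP 102, EtherNet/IP 44818, OPC UA 4840) and flag sources that sweep several of them (a horizontal ICS scan) or hammer one of them. The log line format and the sample lines are constructed for the example; the port numbers are the standard ones for those protocols. Adapt the regex to whatever your firewall or IDS actually emits.

```python
"""Flag probes against well-known ICS/SCADA service ports in firewall deny logs.

Added illustration for this thread, not tool code from the original page.
The log format and sample lines below are constructed for the example.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Standard TCP ports of common industrial protocols.  Modbus/TCP and DNP3
# are the ones most often seen being probed from the Internet.
SCADA_PORTS = {
    102: "Siemens S7 / ISO-TSAP",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Constructed log format (assumption): ISO timestamp, host, action, proto,
# src:port -> dst:port.  Real firewalls differ; change this regex, not the logic.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def scada_hits(lines: Iterable[str]) -> Dict[str, Dict[int, int]]:
    """Map source IP -> {scada_port: hit_count} for every line aimed at a SCADA port.

    Lines that do not parse, or that target a non-ICS port, are skipped.
    """
    hits: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in SCADA_PORTS:
            continue
        hits[rec["src"]][rec["dport"]] += 1
    return {src: dict(ports) for src, ports in hits.items()}


def flag_scanners(hits: Dict[str, Dict[int, int]],
                  min_ports: int = 2, min_hits: int = 5) -> List[Tuple[str, str]]:
    """Flag sources that sweep several ICS ports (horizontal scan) or that hit
    a single ICS port at least min_hits times.  Returns (source_ip, reason)."""
    flagged: List[Tuple[str, str]] = []
    for src, ports in sorted(hits.items()):
        if len(ports) >= min_ports:
            names = ", ".join(SCADA_PORTS[p] for p in sorted(ports))
            flagged.append((src, f"swept {len(ports)} ICS ports: {names}"))
        elif sum(ports.values()) >= min_hits:
            port = next(iter(ports))
            flagged.append((src, f"{ports[port]} hits on {SCADA_PORTS[port]} ({port})"))
    return flagged


# Constructed sample: one host sweeping three ICS ports, one host hammering
# Modbus, one ordinary HTTPS request, and one malformed line to be ignored.
SAMPLE_LOG = """\
2010-09-27T03:14:07Z fw1 DENY TCP 203.0.113.5:51234 -> 198.51.100.10:502
2010-09-27T03:14:08Z fw1 DENY TCP 203.0.113.5:51235 -> 198.51.100.10:102
2010-09-27T03:14:09Z fw1 DENY TCP 203.0.113.5:51236 -> 198.51.100.10:20000
2010-09-27T03:15:01Z fw1 DENY TCP 192.0.2.77:40001 -> 198.51.100.10:502
2010-09-27T03:15:02Z fw1 DENY TCP 192.0.2.77:40002 -> 198.51.100.10:502
2010-09-27T03:15:03Z fw1 DENY TCP 192.0.2.77:40003 -> 198.51.100.10:502
2010-09-27T03:15:04Z fw1 DENY TCP 192.0.2.77:40004 -> 198.51.100.10:502
2010-09-27T03:15:05Z fw1 DENY TCP 192.0.2.77:40005 -> 198.51.100.10:502
2010-09-27T03:16:00Z fw1 ALLOW TCP 192.0.2.9:55555 -> 198.51.100.20:443
garbage line that should be ignored
"""

if __name__ == "__main__":
    for src, reason in flag_scanners(scada_hits(SAMPLE_LOG.splitlines())):
        print(f"{src}: {reason}")
```

The two thresholds are deliberately separate: a source touching two or more distinct ICS ports is interesting even at one packet each, because nobody legitimately speaks Modbus, S7 and DNP3 to the same host from the Internet, while a single-port count only becomes interesting once it clears a noise floor. On a real perimeter, feed this the DENY lines only; the thread's point is that these ports should never be reachable from outside in the first place, so any ALLOW against them is a finding in its own right.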