Stuxnet's inability to stay covert may be fallout from a failure to hit its target last year, security researchers said today.
The worm, designed to infiltrate the heavy-duty industrial control programs that manage and monitor factories, oil pipelines, power plants and other important installations, appeared on researchers' radar only this summer, nearly a year after it may first have been launched.
"Obviously, it spread beyond its intended target or targets," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky, one of the two security companies that have spent the most time analyzing Stuxnet.
Most researchers agree that Stuxnet's sophistication, which they have called a "breakthrough," means it was almost certainly built by a well-financed, high-performance team backed by a government. The worm's goal was Iran, possibly systems in its emerging nuclear energy program.
Earlier this week, Iranian officials admitted that Stuxnet had infected thousands of Windows PCs, including some at a nuclear power plant in southwestern Iran. They denied, however, that the attack had damaged facilities or that Stuxnet had contributed to the known delays in the nuclear reactor's construction.
But if Stuxnet was aimed at a specific target list, why has it spread to thousands of PCs outside Iran, in countries as far-flung as China, Germany, Kazakhstan and Indonesia?
"This is something we are finding baffling," said Liam O Murchu, operations manager of security response and co-author of a paper analyzing the worm's code.
Even though Stuxnet's makers obviously included measures to limit its spread, something went wrong, O Murchu said.
O Murchu said the original infection method, infected USB drives, included a counter that limited the spread to just three PCs. "It's clear that the attackers did not want Stuxnet to spread very far," he said. "They wanted it to stay close to the original infection point."
O Murchu's research also found a 21-day propagation window. In other words, the worm migrates to other machines in a network for only three weeks before it stops.
Despite these anti-propagation measures, Stuxnet spread widely. Why?
According to Kaspersky's Schouwenberg, it is because the initial attack, which used infected USB drives, failed to do what Stuxnet's makers wanted.
"My guess is that the first variant did not achieve its target," said Schouwenberg, referring to the version of the worm that lacked the more aggressive propagation mechanisms, including multiple Windows zero-day vulnerabilities. "They went on to create a more advanced version to reach the goal."
That more complex version, which O Murchu said was developed in March of this year, was the one that "got all the attention," according to Schouwenberg. But the previous edition had already been at work for months by then, and longer still before a lesser-known antivirus vendor from Belarus first discovered it in June. "The first version was not widespread enough, so Stuxnet's creators took a gamble and abandoned the idea of making it stealthy," said Schouwenberg.
In Schouwenberg's theory, Stuxnet's developers realized that their first attempt had failed to penetrate the target and, rather than simply repeat the attack, decided to raise the ante.
"They spent a lot of time and money on Stuxnet," Schouwenberg said. "They could try again [with the USB-only vector] and maybe fail again, or they could take the risk of it spreading by adding more features to the worm."
That was said not that fails to control the industrial system in this way, running its inclusion in infected O Murchu worm creators, but the code itself is clearly providing a clue has been reached.
O Murchu said at a conference Friday morning that Stuxnet clearly evolved over time, adding new ways to spread across networks in the hope of finding specific PLC (programming logic control) hardware to hijack. "It is possible that with the earlier version the attackers did not manage to reach all their targets," O Murchu said. "The increased sophistication of Stuxnet in 2010 may mean they had not reached their goal."
With Stuxnet's proliferation, the country or countries that created the worm could themselves be affected by its spread, Schouwenberg said. But that was probably a calculated risk the worm's developers were pleased to take.
And the risk may have been very small. "Perhaps they knew that their own critical infrastructure, not using Siemens PLCs, would not be affected by Stuxnet," said Schouwenberg.
Stuxnet tried to grab control only of PLCs manufactured by Siemens, the German electronics giant that supplies a large amount of industrial control hardware and software to Iran.
O Murchu's research seemed to back up Schouwenberg's speculation. Stuxnet looks to verify the existence of specific types of PLC, he said today. Very popular models but what hardware targets in used knew does not appear. The code infects only PLCs using certain models of network cards.
Both Schouwenberg may be known, and O. Murchu said Stuxnet manufacturer IDs. However, some clues in the code point to Israel, or to hackers who wanted everyone to think Israel was behind the cyber attack on Iran.
"" The spread is said is nothing to lose by worms, Schouwenberg was really the author takes responsibility for an attack.

Story copyright © 2010 Computerworld Co., Ltd. All rights reserved.