|
- Iran: Eight Prisoners Hanged on Drug Charges
- Daughter of late Iranian president jailed for ‘spreading lies’ - IRAN: Annual report on the death penalty 2016 - Taheri Facing the Death Penalty Again - Dedicated team seeking return of missing agent in Iran - Iran Arrests 2, Seizes Bibles During Catholic Crackdown
- Trump to welcome Netanyahu as Palestinians fear U.S. shift
- Details of Iran nuclear deal still secret as US-Tehran relations unravel - Will Trump's Next Iran Sanctions Target China's Banks? - Don’t ‘tear up’ the Iran deal. Let it fail on its own. - Iran Has Changed, But For The Worse - Iran nuclear deal ‘on life support,’ Priebus says
- Female Activist Criticizes Rouhani’s Failure to Protect Citizens
- Iran’s 1st female bodybuilder tells her story - Iranian lady becomes a Dollar Millionaire on Valentine’s Day - Two women arrested after being filmed riding motorbike in Iran - 43,000 Cases of Child Marriage in Iran - Woman Investigating Clinton Foundation Child Trafficking KILLED!
- Senior Senators, ex-US officials urge firm policy on Iran
- In backing Syria's Assad, Russia looks to outdo Iran - Six out of 10 People in France ‘Don’t Feel Safe Anywhere’ - The liberal narrative is in denial about Iran - Netanyahu urges Putin to block Iranian power corridor - Iran Poses ‘Greatest Long Term Threat’ To Mid-East Security |
Wednesday 19 October 2011New Stuxnet-Like Worm Discovered
In June 2010, security experts, analysts, and software providers were warning IT managers about Stuxnet, a new computer worm that was spreading rapidly over the internet. Stuxnet was distributed by Windows machines, and the intent of the worm wasn't immediately clear. After a few months it was revealed that the vast majority of Stuxnet infections were in Iran, and Stuxnet seemed to have been specifically targeting the Siemens industrial control equipment used in the Iranian nuclear program. German security expert Ralph Langner was interviewed by NPR reporter Tom Gjelten earlier this year about Stuxnet, and Gjelten reported that Langner told him that the worm "almost alien in design" and believed that only the United States could be responsible for the attack. As more details emerged, it became clear that Stuxnet was likely developed by either Israeli or American intelligence agencies in an attempt to impede Iran's nuclear program. Both Israeli and American security officials have sidestepped questions about their involvement, but Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, stated at a December 2010 conference on Iran that "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them." [Source: NPR’s Need to Know] Now security researchers from Symantec have revealed that they've discovered a new Stuxnet-like worm called W32.Duqu that shares much of the same code with Stuxnet. Symantec's Security Research blog posted details about Duqu yesterday: "Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks. According to Symantec, Duqu also functions as a keylogger designed to "capture information such as keystrokes and system information" but lacks the specific code related to "industrial control systems, exploits, or self-replication." Symantec's research team believes that Duqu is collecting information for a possible future attack, and seem to point the finger at the original creators of Stuxnet, since the creators of Duqu seem to have direct access to Stuxnet source code: The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks. The arrival of Stuxnet signaled that cyberattacks have entered a new phase, with nation states and professional, highly-skilled programmers helping elevate cyberwarfare to a new, more sophisticated (and dangerous) level. Microsoft Technical Fellow Mark Russinovich offers up a fictional account of what can happen when terrorist groups turn to cyberwarfare in his novel Zero Day, and it's a chilling preview of what the future of warfare could look like. While many fingers are pointing at U.S. and Israeli intelligence service for creating Stuxnet – and possibly Duqu -- what happens when a hostile nation or well-organized terrorists develop the same level of cyberwarfare capability? Questions like these are undoubtedly keeping IT security professionals and experts at government security agencies awake at night. For more technical information on the Duqu worm, see Symantec’s W32.Duqu: The Precursor to the Next Stuxnet whitepaper [PDF] and a Symantec post that provides additional Duqu technical details. What are your thoughts on Stuxnet and Duqu worms? Let me know what you think by adding a comment to this blog post or starting up a conversation on Twitter. Source: http://www.windowsitpro.com/blog/security-blog-12/security/stuxnetlike-worm-discovered-140982 |
