Comments on: Cyberwar, Cyberhysteria
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Charles Jeter Mon, 18 Oct 2010 17:59:33 +0000 Hi Davi,
Great point, I just answered a similar one in another thread. Yet the hardest part of the disgruntled insider view is figuring out how the forged certificates came into play. That's two commercial burglaries in a fairly well policed section of Taiwan, if physical, or if cyber it's two separate networks compromised in the same physical proximity…

By: David Harley Tue, 28 Sep 2010 14:40:20 +0000 Hi Mauro.

This is the answer from Aleksandr Matrosov.

“Mechanisms of deactivation and infection counter occurred in all our analyzed samples. Time of activation/deactivation can be changed by commands from C&C servers. The deactivation time for one of the samples we have analyzed is the 24th of June, 2012.”

By: David Harley Tue, 28 Sep 2010 01:41:04 +0000 Yegor, the figures in the Stuxnet analysis reflect ThreatSense figures from July to late September. Obviously, the July figures were a snapshot much earlier in the infection cycle. I’d expect a spike at that point (and in fact the Iran figures over time show a sharp spike, a fairly sharp decline almost immediately, then a soft decline over the rest of the period).

By: Davi Ottenheimer Tue, 28 Sep 2010 01:22:01 +0000 I’d wager it could easily be an attack staged by a disgruntled ex-pat/insider rather than an outside or state agent.

You don’t have to read Persepolis to understand why NAMIR never really ended.

Support from a state agent is a different story, as Operation Ajax demonstrated. The sad irony of Ajax is that Mossadegh played into the hands of the CIA by becoming scared, reactionary and dictatorial. In other words, even if you want to believe that Stuxnet is a conspiracy, it is best to remain calm and level-headed about security.

By: Mauro Mon, 27 Sep 2010 15:37:30 +0000 Hi David,
A question about the paper ESET published on Stuxnet. On page 52 you speak about the Bot Configuration Data. Is the activation and deactivation time after which the worm is active/inactive always the same in every sample you analysed? Can you tell us more about it? When will the worm be inactive?
Many thanks for the important paper ESET distributed.

By: Yegor Sun, 26 Sep 2010 12:17:44 +0000 The big difference.

United States