Stuxnet Paper Updated

Speculation continues to rage about Stuxnet, now rumoured to have infected an English nuclear powerplant , though French owners EDF have denied it. But at least the estimable Rob Rosenberger shares my dislike of what he calls "this fetish for sexy computer news" in a recent SecurityCritics newsletter, and cites my recent blog at (ISC)2 as well as luminaries such as Bruce Schneier, Mary Landesman, and Chet Wisniewski.

In the meantime, the "Stuxnet under the microscope" white paper has been updated.today on the ESET white papers page: details follow.

Stuxnet Under the Microscope
By Alexandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho, September 2010

Version 1.2 of a comprehensive analysis of the Stuxnet phenomenon, updated to include pointers to additional resources and some further information on the Task Scheduler exploit as yet unpatched.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Author David Harley, ESET

  • curious

    Could you tell me about the task scheduler vulnerability account environment in win7?
    I tested some account cases.
     
    1. a normal user with no password
    - Cannot create a job
    2. a normal user with password
    - can create a job but it requires a password input so I think stuxnet's malcode is not doing well..
    (malcode doesn't know user's password)
    3. a admin user with password
    - can create a job
    - it doesn't matter forging crc32
    - just make a job xml files with system privilege and create it as a job, have done.
     
    which account is correct case of stuxnet?
     
    thank you
     
     
     
     

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

2 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.