Added to Stuxnet resources page…

…an article by William Gibson (yes, that William Gibson) draws a connection between Brain (a 25-year-old PC virus) and Stuxnet. 25 Years of Digital Vandalism. He doesn't seem to think much of Stuxnet, drawing a much-to-the-point riposte from Bob McMillan:!/bobmcmillan/status/30533396702699520.

Links added to Stuxnet Information and Resources (3).

ESET Senior Research Fellow

Author David Harley, ESET

  • Rick Gamache

    I keep hearing this chatter about STUXNET and how "unimpressed" people are with it. I've also hear a lot of security professionals downplaying its significance and even heard one claim that Iran wasn't even probably the intended target. Oh really?  It just seems to me, that a good many people in our profession are tripping over themselves to deemphasize STUXNET as not all that technically creative and a mishmash of old vulnerabilities. It just strikes me as odd.
    Fact remains, whether or not STUXNET lacks sophistication to raise the eyebrows of seasoned security professionals, it underscores a much deeper and more complex problem.  The fact that such rather unsophisticated means were used to target and destroy, albeit temporarily, Iran's nuclear aspirations is yet another reminder that our nation's infrastructure need a thorough examination from top to bottom, not of the latest threats, but of vulnerabilities that are less sexy and are often overlooked.
    Just my thoughts, David.  It's been bugging me.  That aside, ESET's coverage of STUXNET has been excellent!  Thank you.
    Rick Gamache, CISSP

    • David Harley

      Thanks, Rick. I have to admit that the present rush to define Stuxnet as nothing very much seems to me at least as odd as the earlier mythmaking about it being the superbug that signalled the end of civilization as we know it. Of course, it’s neither, and I think the current urge to diss has as much to do with media boredom and fickleness.

      Speaking from a malware research point of view, I’d say that some of it is rather clever, some of it is not so clever. While we have a fair grasp of how it works on a binary level these days, there’s still a lot we don’t know for sure about it. But it’s certainly significant. The US isn’t actually my nation, as it happens, but I agree that your nation and mine, not to mention the world in general, have a lot more to learn from the Stuxnet phenomenon. Not only in terms of what it does, but also in terms of our response to it. And, as you say, searching out the other known and unknown potential attacks on critical infrastructures.

  • Rick Gamache

    David, thanks for your response.  I agree completely with your sentiments.  I will say this, STUXNET has made for some really good reading and some good coffee talk!   Cheers!

Follow us

Copyright © 2017 ESET, All Rights Reserved.