Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.
ESET Researchers have investigated Win32/Duqu's RPC mechanism.
In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.
I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4. ;-) A recent report in Wired gives
...the 'next Stuxnet' probably won't be any such thing, whatever we may choose to call it...
Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal, “The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public
Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database. One aspect that’s attracted attention on specialist lists is the mention of a large US power company
Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945...
Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I
A few more developments in the Never-Ending Story: Michael Joseph Gross on A Declaration of Cyber War in Vanity Fair. Despite a somewhat breathless tone in the introduction – "the world’s top software-security experts were panicked by the discovery of a drone-like computer virus" (where's my Valium?!) – actually a comprehensive and largely accurate account. It
Links added today to the Stuxnet resources page...
Links to two Stuxnet-related stories have been added to the resources page at /2011/01/23/stuxnet-information-and-resources-3/. Kim Zetter, in Wired's "Threat Level" column Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant, summarizes the latest update to Symantec's Threat Dossier. Symantec researchers now believe that Stuxnet targeted five organizations in Iran as staging posts
...the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn't successful...
Added to the Stuxnet (3) resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3.
…an article by William Gibson (yes, that William Gibson) draws a connection between Brain (a 25-year-old PC virus) and Stuxnet. 25 Years of Digital Vandalism. He doesn't seem to think much of Stuxnet, drawing a much-to-the-point riposte from Bob McMillan: http://twitter.com/#!/bobmcmillan/status/30533396702699520. Links added to Stuxnet Information and Resources (3). David Harley CITP FBCS CISSP ESET
This is the 3rd volume of an ongoing Stuxnet resources blog article, supplementing our paper "Stuxnet Under the Microscope". Volume 1 is at http://blog.eset.com/?p=5731, and volume 2 is at http://blog.eset.com/?p=5913.
[Update 23rd January 2011: volume 3 of this resource has just kicked off at /2011/01/23/stuxnet-information-and-resources-3/: volume 1 is at /2011/01/03/stuxnet-information-and-resources/.] @imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even. I hope he won't think I'm fawning by maintaining resource lists in
The Stuxnet analysis "Stuxnet Under the Microscope" ... has, unlike most ESET white papers, been subject to a number of revisions as we've come to know more about the malware itself, and as the purposes of its perpetrators have become clearer. However, since all the known vulnerabilities exploited by Stuxnet have now been patched, version 1.3x of the document is likely to be the last substantial revision.
Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers.
...among the 17 security bulletins just released by Microsoft on Patch Tuesday, MS10-092 addresses the Task Scheduler vulnerability prominently exploited by Win32/Stuxnet...