...given the amount of detailed analysis that's already available (and I mean substantial blocks of reverse-engineered code, not high-level analysis and code snippets and descriptions), I'm not sure that anyone with malicious intent and a smidgen of technical skill would need the original code...
...an article suggests that "Stuxnet was developed to improve the quality of enriched uranium, so that it no longer can be used for the production of atomic bombs." It's an interesting theory, and I'm certainly not going to say it's wrong...
...Eric Chien ... tells us that "Stuxnet requires the industrial control system to have frequency converter drives from at least one of two specific vendors..."
...the "Stuxnet under the Microscope" paper has been updated today on the white papers page; details as follows...
Tip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report. And, indirectly, leading us to a blip in some PoC code which now looks even more interesting. (But that isn't going public yet.) The paper has been updated to remove the offending item. David Harley CITP FBCS
The Stuxnet analysis “Stuxnet under the Microscope” we published a few weeks ago has been updated...
Google Translate is pretty cool, but they are missing a language. You can translate from Haitian Creole to Yiddish and from Galician to Maltese, but you can’t translate from geekspeak to anything a regular person understands. The good part about this for me is that I have a job trying to do just that! David
...we also indicated in that paper that there are two Elevation of Privilege (EoP) vulnerabilities that we chose not to describe while patches were pending. One of these has now been patched, so we’re now able to publish some of the information we have on it. (When the other vulnerability has been patched, we plan to update the Stuxnet paper with information on both issues.)
This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel.
The short answer is the media wants a cyberwar. Cyberwar is a dark, sexy, mysterious headline that sells and so each time something nefarious happens on the internet that potentially involves two or more countries, security experts are besieged with the question “Is this cyberwar”? Let’s look back to the 1989 book by Clifford Stoll
Just in case you haven’t heard enough from me on the topic of Stuxnet, the Security Week article I mentioned in a previous blog is now up at http://www.securityweek.com/stuxnet-sux-or-stuxnet-success-story. ;-) David Harley CITP FBCS CISSP ESET Senior Research Fellow
I guess I wasn't forceful, or controversial, or sensationalist, or ungeek enough to rate any column inches. So I'm going to give you a sneak preview ... in the light of all the speculation today on whether Stuxnet is an attack by Israel on Iran.
...we have just published a lengthy analysis that considers many of these questions, as well as discussing some of the characteristics of this fascinating and multi-faceted malicious code. The report is already available here, and will shortly be available on the ESET white papers page.
Here are a few papers and articles that have become available in the last week or two.
There have been recent articles with fantastic titles such as “New threat: Hackers look to take over power plants” and “Hackers Target Power Plants and Physical Systems” in the wake of the Stuxnet worm that targeted certain industrial control systems (ICS). The reality is that hackers targeting ICS is nothing new. I am not clear
As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the
We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files
When you read about Stuxnet and that it used stolen digital certificates from Realtek and JMicron to sign the worm, you may have wondered what the significance of that is or why they did that. There are actually a couple of factors to consider. When you try to install certain types of software on Windows
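The post above is about why a stolen signing certificate matters: a driver signed with it passes the checks Windows performs before loading kernel-mode code. The following script is an added example, not code from the ESET post, showing how an administrator can inventory the Authenticode signers of installed drivers and flag the two cases that matter here: a signature that no longer verifies (the certificate has been revoked or placed in the Disallowed store), and a signature that still reads as Valid but comes from a signer on a watch-list of subjects known to have been misused. The watch-list entries and the choice of the System32\drivers directory are assumptions for illustration; run it elevated.

```powershell
# Added example (not from the original post). Inventories the Authenticode
# signers of kernel-mode drivers and flags revoked, untrusted or watch-listed
# signers. Assumptions: Windows, elevated session, drivers live under
# %SystemRoot%\System32\drivers; the watch-list subjects are illustrative.

# Subjects of signing certificates known to have been misused (assumed list).
$watchList = @('Realtek Semiconductor Corp', 'JMicron Technology Corp')

# Thumbprints Windows itself has explicitly untrusted.
$disallowed = Get-ChildItem Cert:\LocalMachine\Disallowed |
    Select-Object -ExpandProperty Thumbprint

$drivers = Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -Filter *.sys -File

$report = foreach ($drv in $drivers) {
    $sig = Get-AuthenticodeSignature -FilePath $drv.FullName
    $cert = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '<unsigned>' }
    $thumb   = if ($cert) { $cert.Thumbprint } else { '' }

    [pscustomobject]@{
        File       = $drv.Name
        # SignatureStatus: Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = $thumb
        # True when the signer is on the watch-list, even if Status is still Valid.
        Watch      = [bool]($watchList | Where-Object { $subject -like "*$_*" })
        # True when the certificate has been pushed to the Disallowed store.
        Disallowed = ($thumb -ne '') -and ($disallowed -contains $thumb)
    }
}

# The interesting rows: anything not cleanly Valid, plus Valid signatures from
# a watch-listed or explicitly disallowed signer.
$report |
    Where-Object { $_.Watch -or $_.Disallowed -or $_.Status -ne 'Valid' } |
    Sort-Object Watch, Disallowed -Descending |
    Format-Table File, Status, Signer, Watch, Disallowed -AutoSize
```

The point of keeping both the Status column and the watch-list is that, until the issuing CA revokes the stolen certificate and the revocation reaches the machine, Get-AuthenticodeSignature will report the Stuxnet-style driver as Valid; only the signer's subject or thumbprint gives it away at that stage.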
These new families represent a major transition: Win32/Stuxnet demonstrates a number of novel and interesting features apart from the original 0-day LNK vulnerability, such as its association with the targeting of Siemens control software on SCADA sites and the use of stolen digital certificates. However, the new malware we're seeing is far less sophisticated, and suggests bottom feeders seizing on techniques developed by others. Peter Kosinar comments:
Perhaps you're getting as tired of this thing as I am (though with the information still coming in, I'm not going to be finished with this issue for a good while, I suspect). But without wishing to hype, I figure it's worth adding links to some further resources. There's a very useful comment by Jake