Stuxnet: Cyberwarfare’s Universal Adaptor?

Now that cyberwarfare is out of the bottle, will anyone agree to not use it? In the summer of 1945 in New Mexico, the Trinity test gave rise to the term ground zero. Could Stuxnet may be measured as a definitive ground zero in cyberwarfare comparable to Trinity? Concerning Stuxnet’s latest rise in China, David

Stuxnet the Inscrutable

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel.

A Little Light Reading

1) Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine. Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they

Lo que dejó Virus Bulletin 2010

Como les contaba la semana pasada, estuvimos representando a ESET Latinoamérica en Virus Bulletin, la conferencia más importante de la industria antivirus y antispam, donde los expertos de cada compañía exponen y presentan los temas más relevantes ocurridos durante el último año, o aquellas problemáticas en las cuales deberemos trabajar el próximo año. Este año

Stuxnet: ataque a sistemas de control industrial

Mientras los especialistas de la industria antivirus debaten sobre los temas de relevancia en materia de amenazas en la conferencia Virus Bulletin, aprovechamos la oportunidad para contarles justamente sobre una de las amenazas que fueron tratadas a través de dos papers en el evento, con un amplio debate suscitado el día de ayer. Se trata

From sci-fi to Stuxnet: exploding gas pipelines and the Farewell Dossier

In researching today’s SC Magazine Cybercrime Corner article “From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier”, I came across this ‘Damn Interesting’ article which showcases the successful cyberwarfare compromise of a SCADA / pipeline control system nearly thirty years ago, an event which I had heard stories about in Navy circles but

Yet more Stuxnet

Just in case you haven’t heard enough from me on the topic of Stuxnet, the Security Week article I mentioned in a previous blog is now up at http://www.securityweek.com/stuxnet-sux-or-stuxnet-success-story. ;-) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Iran Admits Stuxnet Infected Its Nuclear Power Plant

While the defining research on the Stuxnet topic doesn’t go this far, Forbes writer Trevor Butterworth went out on a limb to name names along with detailing the warfare aspects: As I noted last week – and as the news media have only begun to grasp – Stuxnet represents  a conceptual change in the history

Cyberwar, Cyberhysteria

I guess I wasn’t forceful, or controversial, or sensationalist, or ungeek enough to rate any column inches. So I’m going to give you a sneak preview … in the light of all the speculation today on whether Stuxnet is an attack by Israel on Iran.

ESET Stuxnet Paper

…we have just published a lengthy analysis that considers many of these questions, as well as discussing some of the characteristics of this fascinating and multi-faceted malicious code. The report is already available here, and will shortly be available on the ESET white papers page.

Assessing Intent

There have been recent articles with fantastic titles such as “New threat: Hackers look to take over power plants” and “Hackers Target Power Plants and Physical Systems” in the wake of the Stuxnet worm that targeted certain industrial control systems (ICS). The reality is that hackers targeting ICS is nothing new. I am not clear

Microsoft publicó parche de seguridad fuera de ciclo

Tal como anunciábamos el último viernes, Microsoft ha cumplido con lo que indicó hace unos días y ya está a disposición de los usuarios la actualización de seguridad MS10-046, que corrige la vulnerabilidad CVE-2010-2568, que se relacionaba a la forma en que Windows Shell manejaba los archivos LNK (accesos directos) en los sistemas operativos afectados

Sality se suma a la vulnerabilidad LNK

Luego de las repercusiones sobre Stuxnet, explotando la vulnerabilidad CVE-2010-2568, a la cual se sumaron dos familias más (Win32/TrojanDownloader.Chymine.A y Win32/Autorun.VB.RP) y la incorporación del exploits a un crimeware (Zombie Explotation Kit), recientemente se ha descubierto otro código malicioso que utiliza esta debilidad para infectar los sistemas de información. Se trata de Sality, un peligroso

There’s Passwording and there’s Security

Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of

Follow us

Copyright © 2017 ESET, All Rights Reserved.