A sophisticated Malware Arpit Singh CPSC 420


WHAT IS STUXNET?
- Stuxnet is a Windows-specific worm first detected in June 2010 by VirusBlokAda.
- Stuxnet uses a vulnerability in the way Windows handles shortcut files.
- Originally thought to spread mainly through the use of removable drives, such as USB sticks.
- Designed to steal industrial secrets and disrupt operations.
- Stuxnet infected systems in many countries, but 60 percent of the infected computers worldwide were in Iran, indicating that industrial plants in that country were the target.

WHAT IS SO SPECIAL ABOUT STUXNET?
- A list of firsts:
- It is the first discovered worm that spies on and reprograms industrial systems.
- It is the first-ever computer worm to include a PLC rootkit.
- It is also the first known worm to target critical industrial infrastructure.
- Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world."
- Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyber warfare.

HOW STUXNET WORKS?
- Once within a network (initially delivered via an infected USB device), Stuxnet uses the EoP (elevation of privilege) vulnerabilities to gain administrative access to other PCs.
- It seeks out systems running the WinCC and PCS 7 SCADA management programs and hijacks them by exploiting either the print spooler or MS bugs.
- It tries the default Siemens passwords to commandeer the SCADA software.
- It could then reprogram the so-called PLC (programmable logic control) software to give machinery new instructions.

HOW STUXNET WORKS?
- While the intended target of Stuxnet appears to be the manipulation of Siemens PLCs, Stuxnet could have just as easily been designed to attack PLCs made by other SCADA manufacturers.
- The worm hides the modified PLC programs by marking each of the worm's function blocks in a particular way.
- The wrapper contains code to recognize the worm's marked function blocks.
- The spread of the worm by USB sticks was also monitored.
- Anti-virus technologies and patching are now available to protect you against Stuxnet.
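A defender's check against the hiding behaviour described on this slide, as an added example that is not part of the original presentation: it compares an approved baseline of PLC blocks with what the engineering workstation reports and with a read taken over an independent path. It goes slightly beyond the slide by also flagging blocks whose content differs between the two reads. The block names, contents and the way the two reads are obtained are constructed assumptions.

```python
import hashlib

def digest(code: bytes) -> str:
    """SHA-256 of a block's bytes, as stored in the approved baseline."""
    return hashlib.sha256(code).hexdigest()

def audit_plc_blocks(baseline, workstation_view, independent_view):
    """Compare three views of the blocks loaded on one PLC.

    baseline         -- {block name: sha256} recorded when the logic was approved
    workstation_view -- {block name: bytes} as reported by the engineering PC
    independent_view -- {block name: bytes} read over a path that does not rely
                        on the engineering PC's software stack (assumption)
    Returns a sorted list of (block name, finding) tuples.
    """
    findings = []
    for name, code in independent_view.items():
        if name not in workstation_view:
            # Present on the controller but filtered out of the listing.
            findings.append((name, "hidden from workstation"))
        elif workstation_view[name] != code:
            findings.append((name, "workstation shows different code"))
        if name not in baseline:
            findings.append((name, "not in approved baseline"))
        elif baseline[name] != digest(code):
            findings.append((name, "differs from approved baseline"))
    for name in baseline.keys() - independent_view.keys():
        findings.append((name, "approved block missing from controller"))
    return sorted(findings)

# Constructed sample data: block names and contents are invented.
APPROVED = {"OB1": b"main cycle v7", "FC10": b"valve control v3",
            "DB5": b"setpoints v2"}
BASELINE = {name: digest(code) for name, code in APPROVED.items()}
# Independent read: OB1 was changed and one unapproved block was added.
INDEPENDENT = {"OB1": b"main cycle v7 + extra call", "FC10": b"valve control v3",
               "DB5": b"setpoints v2", "FC900": b"unapproved logic"}
# Workstation read through a tampered wrapper: everything looks as approved.
WORKSTATION = dict(APPROVED)

def run_example():
    return audit_plc_blocks(BASELINE, WORKSTATION, INDEPENDENT)

if __name__ == "__main__":
    for name, finding in run_example():
        print(f"{name}: {finding}")
```

A workstation-only comparison against the baseline would report nothing here, which is why the independent read is the part that matters.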

HOW STUXNET SPREADS?
[Figure: image courtesy Kaspersky Lab]

TECHNIQUES USED
- Stuxnet used several zero days in order to infect and spread.
- Stuxnet behaves differently depending on what type of network it thinks it is running on. It performs some rudimentary checking to see whether it is on a corporate network or a control systems network: if it detects that it is running on a corporate network, it won't invoke the older 2008 vulnerability.
- Stuxnet also disguised two critical files by signing them with the legitimate digital signatures belonging to industrial giants Realtek Semiconductor Corp. and JMicron.
- The malware weighed in at nearly half a megabyte, an astounding size.
- Written in multiple languages, including C, C++ and other object-oriented languages.

STUXNET ICS ROOTKIT

CONCLUSION
- According to various experts around the world, Stuxnet has passed all the tests that qualify it as the most sophisticated and complex piece of malware ever written. It has even initiated a debate over cyber warfare.
- Analysts have pointed out that the resources required to test and deploy such malware are huge, and that only a state-backed effort could manage them.
- It remains to be seen how many more advanced pieces of malware we will witness in the future, since this Stuxnet affair has been called just a test because no firm complained of any damage or irregularities at the plants. Maybe this is the start of cyber warfare.

RECENT DEVELOPMENTS
- Nov. 23, 2010: Iran was forced to stop operating thousands of uranium enrichment centrifuges for a limited period of time.
- November 25, 2010: Reports appeared that it has been traded on the black market and could be used by terrorists.
- Nov. 29, 2010: Iran's president confirmed for the first time that a computer worm affected centrifuges in the country's uranium enrichment program.
