Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion.

Published byTre Rendell Modified over 9 years ago

Similar presentations

Presentation on theme: "Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion."— Presentation transcript:

1 Sam Skalicky Biru Cui

2  Discovery  Architecture  Evaluation  Conclusion

3  VirusBlokAda  Zero-day  Microsoft  Stuxnet <=.stub + MrxNet.sys  Symantec

4  Organization  Installation  Propagation  Target & Process

5  Organization  Exports  Resources  Configuration

6  Installation  E 15: environment scan, escalation  E 16: copy, hide, autorun (certificate)

7  Propagation  WinCC SQL  P2P RPC  Printer spooler  Removable disk .lnk, ~WTR4141.tmp, ~WTR4132.tmp  Autorun.inf

8  Target  Step 7 (E2/E14)  PLC  Data Blocks (DB)  System Data Blocks (SDB)  Organization Blocks (OB)  Function Blocks (FC)

9  Process  Broker  FC: RECV  OB1/OB35

10  Process  Profibus ID  CP  Frequency converter

11  Process  1.41kHz 1.064kHz 2Hz

12  Complex  code size  propagation methods  zero-day exploit  certificate steal  specific target Step/PLC/FC

13  Where

14  What

15  Very small risk to the majority of users  Worm was target so specifically  Modifying large spinning motors to fail  Shorting out  Overheat  Disengage from their mounting  Consumes disk space (500KB)  New type of worm detected

16  W32.Duqu, a new beginning?

17  [1] “Frequently Asked Questions on Virus-L/comp.virus.” Internet: http://www.faqs.org/faqs/computer-virus/faq/, Oct. 9, 1995 [Jan. 7, 2012].http://www.faqs.org/faqs/computer-virus/faq/  [2] “MS10-061: Printer Spooler Vulnerability.” Internet: http://blogs.technet.com/b/srd/archive/2010/09/14/ms1 0-061-printer-spooler-vulnerability.aspx, Sept. 14, 2010 [Jan. 7, 2012]. http://blogs.technet.com/b/srd/archive/2010/09/14/ms1 0-061-printer-spooler-vulnerability.aspx  [3] Nicolas Falliere, Liam O Murchu, and Eric Chien, “W32.Stuxnet” Synmatec, November 2010.  [4] K. Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” Internet: http://www.wired.com/threatlevel/2011/07/how-digital- detectives-deciphered-stuxnet/all/1, July 11, 2011 http://www.wired.com/threatlevel/2011/07/how-digital- detectives-deciphered-stuxnet/all/1

Download ppt "Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion."

Similar presentations

HOW TO ACCESS AND USE E-BOOKS Project members:Sarika Singh Jennifer Murphy.

HOW TO ACCESS AND USE E-BOOKS Project members:Sarika Singh Jennifer Murphy.
Making Inferences Drawing conclusions from two premises: When it rains, the grass gets wet. The grass is wet. Can we assume that it rained? Can we jump.

Making Inferences Drawing conclusions from two premises: When it rains, the grass gets wet. The grass is wet. Can we assume that it rained? Can we jump.

Exponents, Parentheses, and the Order of Operations.

Exponents, Parentheses, and the Order of Operations.
Function [C]=cholesky(A) [n,m]=size(A); C=zeros(n,n); if (A(1,1)

Function [C]=cholesky(A) [n,m]=size(A); C=zeros(n,n); if (A(1,1)
Living Things vs. Nonliving Things

Living Things vs. Nonliving Things
©2012 Microsoft Corporation. All rights reserved..

©2012 Microsoft Corporation. All rights reserved..
The KITE geometry manipulator Slava Pranovich TU/e Dept. Math. and Computer Science.

The KITE geometry manipulator Slava Pranovich TU/e Dept. Math. and Computer Science.
Rules of Exponents In this lesson, you will be able to simplify expressions involving zero and negative exponents.

Rules of Exponents In this lesson, you will be able to simplify expressions involving zero and negative exponents.
(2 + 1) + 4 = 2 + (1 + 4) Associative Property of Addition.

(2 + 1) + 4 = 2 + (1 + 4) Associative Property of Addition.
Exponents Lesson 2-8.

Exponents Lesson 2-8.
EXAMPLE 2 Evaluate exponential expressions a. 6 – 4 6 4 Product of a power property = 6 0 Add exponents. = 1 Definition of zero exponent = 6 – 4 + 4.

EXAMPLE 2 Evaluate exponential expressions a. 6 – Product of a power property = 6 0 Add exponents. = 1 Definition of zero exponent = 6 –
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.
Slope Intercept Form Y = m x + b m is the slope of the line. b is the y-intercept. Given the following equation, identify the slope and y intercept.

Slope Intercept Form Y = m x + b m is the slope of the line. b is the y-intercept. Given the following equation, identify the slope and y intercept.
Lesson 1.7 Dividing Integers Standards: NS 1.2 and AF 2.1 Objectives: Dividing Integers Evaluate variable expressions.

Lesson 1.7 Dividing Integers Standards: NS 1.2 and AF 2.1 Objectives: Dividing Integers Evaluate variable expressions.
Sam Griffen Pictures Never Lie. References

Sam Griffen Pictures Never Lie. References
1234567891011121314151617181920 2122232425262728293031323334353637383940 41424344454647484950 1.quotient is x + 6 and remainder is -34 2.quotient is x.

quotient is x + 6 and remainder is quotient is x.
6.3 Synthetic Division.

6.3 Synthetic Division.
Data Intensive Computing Graph algorithms for irregular, unstructured data – John Feo, Pacific Northwest National Laboratory graph500 and data-intensive.

Data Intensive Computing Graph algorithms for irregular, unstructured data – John Feo, Pacific Northwest National Laboratory graph500 and data-intensive.
1)Be able to evaluate powers that have zero exponents. 2)Be able to evaluate powers that have negative exponents. 3)Rewrite expressions so that exponents.

1)Be able to evaluate powers that have zero exponents. 2)Be able to evaluate powers that have negative exponents. 3)Rewrite expressions so that exponents.

Similar presentations

Ads by Google