Download presentation
Presentation is loading. Please wait.
Published byDennis Cook Modified over 9 years ago
2
Jonathan Baulch
3
A worm that spreads via USB drives Exploits a previously unknown vulnerability in Windows Trojan backdoor that looks for a specific software created by Siemens
4
June 2009 – Earliest Stuxnet version seen. Lacks many complexities of the later versions January 25, 2010 – Stuxnet driver signed with valid certificate from Realtek Semiconductor Corps June 17, 2010 – Virusblokada reports W32.Stuxnet named RootkitTmphider July 13, 2010 – Symantec adds detection known as W32.Temphid
5
July 16, 2010 – Verisign revokes Realtek Semiconductor Corps certificate July 17, 2010 – Eset identifies new Stuxnet driver with certificate from JMicron Technology Corp. July 19, 2010 – Siemens reports they are investigating reports of malware affecting Siemens WinCC SCADA systems
6
August 6, 2010 – Symantec reports how Stuxnet can inject and hide code on a PLC September 30, 2010 – Symantec presents at Virus Bulletin and releases comprehensive analysis of Stuxnet
7
Self-replicates through removable drives exploiting a vulnerability allowing auto- execution Spreads in a LAN through a vulnerability in the Windows Print Spooler Copies and executes itself on remote computers through network shares
8
Copies and executes itself on remote computers running a WinCC database server Copies itself into Step 7 projects in such a way that it automatically loads when Step 7 is run Updates itself through a peer-to-peer mechanism within a LAN
9
Exploits 4 different zero-day Microsoft vulnerabilities Contacts a command and control server that allows a hacker to download and execute code Contains a Windows rootkit that hides its binaries
10
Attempts to bypass security products Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system Hides modified code on PLCs
11
PLC – Programmable Logic Controller ◦ Loaded with blocks of code and data written using a variety of languages such as STL or SCL ◦ PLCs are small embedded industrial control systems that run automated processes on factory floors, chemical and nuclear plants, oil refineries, etc.
12
It has yet to be discovered who authored the Stuxnet worm and who/what the target was. ◦ Research project that got out of control. There is history of accidental releases of worms by researches before. ◦ Criminal worm designed to demonstrate the power the authors possess. ◦ Worm released by the U.S. military to scare government into increasing the budget for cyber security. ◦ Developed by Israel to attack Iran
13
Iran was one of the top countries to be affected most by the Stuxnet worm. Iran currently is constructing a nuclear plant in Bushehr and experts believe the delays have been the result of Stuxnet. Report by Siemens expert, Ralph Langer, says that Stuxnet could easily cause a refinery’s centrifuge to malfunction.
14
Stuxnet achieved many things in the malicious code realm First to exploit 4 0-day vulnerabilities Compromised 2 digital certificates Injected code into industrial control systems and hid the code from operators.
15
Many experts say it is the most complex malicious software created in the history of cyber security. Highlights that it is possible to attack critical infrastructures in places other than Hollywood movies. Improbable that copy cat attacks will begin to be mass produced due to the complexity of the software.
16
W32.Stuxnet Dossier - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stux net_dossier.pdf http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stux net_dossier.pdf Schneier on Security - http://www.schneier.com/blog/archives/2010/10/stuxnet.htmlhttp://www.schneier.com/blog/archives/2010/10/stuxnet.html Details on the first-ever control system malware - http://news.cnet.com/8301-27080_3-20011159- 245.htmlhttp://news.cnet.com/8301-27080_3-20011159- 245.html
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.