28-09-2010, 06:59 AM
(This post was last modified: 28-09-2010, 07:48 AM by Peter Lemkin.)
Just a thought.....for the US/Israel, it would be preferable if a war with Iran were started by Iran....so this may be a way to provoke them to start the fight...but I doubt they'd take the bait...but who knows. I'm sure the computer virus/trojan was also very much meant to just destroy what they have not yet gotten around to bomb, by making control of it impossible or difficult. Tailor made computer viruses - how nice.....first for countries and programs, next for individuals, I'll bet. Just another note....despite the propaganda in the 'West' Iran has one of the most highly educated populations in the world and I believe is listed as having the hightest literacy rate - don't know the specifics on their programmers, but bet they are not far behind world-class. If anyone other than the major powers can figure out how to disarm and counter such a cyber threat, they likely are...but it will take time. It will, of course, likely make them think of retaliation in kind once they identify the culprit. :pcguru:
---The blowback was inevitable and it is now also in German Industries, as well!: [Psssst - Many large industries in the US use Siemens systems, as well......]
Stuxnet worm can re-infect scrubbed PCs
Iran's attempts to eradicate worm could be stymied by new infection vector, says researcher
By Gregg Keizer
September 27, 2010 04:09 PM ET
Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the Bushehr nuclear reactor in southwestern Iran.
The worm, which has been dubbed the world's most sophisticated malware ever, targets Windows PCs that oversee industrial-control systems, called "SCADA" systems, that in turn manage and monitor machinery in power plants, factories, pipelines and military installations.
Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs.
Liam O Murchu, manager of operations on Symantec's security response team and one of a handful of researchers who have been analyzing Stuxnet since its public appearance in July, said today he'd found another way that the worm spreads. According to O Murchu, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened.
Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.
"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."
O Murchu said that the Step 7 propagation vector would insure that already-cleaned PCs would be re-infected if they later opened a malicious Step 7 project folder. "You could imagine the scenario where someone had cleaned the computer of Stuxnet, but before they did that, they backed up the project," he said. "When the project was later restored [to the now-clean] PC, it would be re-infected."
Another possibility, said O Murchu, is that Stuxnet's makers hoped to infect systems at a central SCADA-programming authority, which would then pass along the worm to PCs at several facilities that would use the Step 7 files to configure the local control hardware.
Siemens has admitted that 14 plants, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.
The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.
Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.
"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."
Over the weekend, Iranian officials acknowledged that Stuxnet had infected tens of thousands of Windows PCs in the country, including some at the Bushehr nuclear reactor.
Other security analysts have speculated that the worm was designed to cripple the Bushehr reactor. Several Western governments, including the U.S., suspect that Iran will reprocess Bushehr's spent fuel to produce weapons-grade plutonium for use in nuclear warheads.
On Sunday, the deputy head of Iran's Atomic Energy Organization said that Stuxnet had not affected Bushehr's control systems, and that experts had taken steps to block the worm from spreading.
---The blowback was inevitable and it is now also in German Industries, as well!: [Psssst - Many large industries in the US use Siemens systems, as well......]
Stuxnet worm can re-infect scrubbed PCs
Iran's attempts to eradicate worm could be stymied by new infection vector, says researcher
By Gregg Keizer
September 27, 2010 04:09 PM ET
Computerworld - A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
The new information came on the heels of admissions by Iranian officials that Stuxnet had infected at least 30,000 of the country's Windows PCs, including some of the machines at the Bushehr nuclear reactor in southwestern Iran.
The worm, which has been dubbed the world's most sophisticated malware ever, targets Windows PCs that oversee industrial-control systems, called "SCADA" systems, that in turn manage and monitor machinery in power plants, factories, pipelines and military installations.
Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs.
Liam O Murchu, manager of operations on Symantec's security response team and one of a handful of researchers who have been analyzing Stuxnet since its public appearance in July, said today he'd found another way that the worm spreads. According to O Murchu, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened.
Step 7 is the Siemens software used to program and configure the German company's industrial control system hardware. When Stuxnet detects Step 7 software, it tries to hijack the program and pass control to outsiders.
"All Step 7 projects [on a compromised computer] are infected by Stuxnet," O Murchu said in an interview today. "Anyone who opens a project infected by Stuxnet is then compromised by the worm."
O Murchu said that the Step 7 propagation vector would insure that already-cleaned PCs would be re-infected if they later opened a malicious Step 7 project folder. "You could imagine the scenario where someone had cleaned the computer of Stuxnet, but before they did that, they backed up the project," he said. "When the project was later restored [to the now-clean] PC, it would be re-infected."
Another possibility, said O Murchu, is that Stuxnet's makers hoped to infect systems at a central SCADA-programming authority, which would then pass along the worm to PCs at several facilities that would use the Step 7 files to configure the local control hardware.
Siemens has admitted that 14 plants, many of them in Germany, were infected with Stuxnet, but it has not provided details on how the worm wriggled into those facilities.
The just-discovered way that Stuxnet spreads means that cleaning up after the worm will be more difficult, O Murchu said.
Earlier, O Murchu and others who have dug into Stuxnet, argued that the malware's complex construction and advanced techniques indicated it was the work of a state-backed group. The Step 7 infection vector is another clue of that, O Murchu said today.
"This is a very remarkable feature," he said. "Step 7 is fairly proprietary software, and whoever created Stuxnet had to know that program very well. It's certainly not something simple."
Over the weekend, Iranian officials acknowledged that Stuxnet had infected tens of thousands of Windows PCs in the country, including some at the Bushehr nuclear reactor.
Other security analysts have speculated that the worm was designed to cripple the Bushehr reactor. Several Western governments, including the U.S., suspect that Iran will reprocess Bushehr's spent fuel to produce weapons-grade plutonium for use in nuclear warheads.
On Sunday, the deputy head of Iran's Atomic Energy Organization said that Stuxnet had not affected Bushehr's control systems, and that experts had taken steps to block the worm from spreading.
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass