Stuxnet Worm (Iranian centrifuge destroyer)

23 Jul

What the news says it was?

– Iranian centrifuge destroyer

  • Its one goal was to destroy the Iranian nuclear program

– Developed by the United States and Israel
– ‘Mission: Impossible’-like virus
– It will kill your unborn children

  • Assuming they are born in a hospital using PLC (Programmable Logic Controller) machines


What it really was?

– Malware that spread on networks to infect systems running WinCC
– Took advantage of the fact that PLCs are usually unsecured
– Once inside, had the ability to reprogram PLC controlling

  • Gave the possibility of altering how machinery being controlled will run

– Self-replicates through removable drives by exploiting a vulnerability allowing auto-execution: Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution
– Spreads in a LAN through a vulnerability in the Windows Print Spooler: Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability
– Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
– Copies and executes itself on remote computers through network shares
– Copies and executes itself on remote computers running a WinCC database
– Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is loaded
– Updates itself through a peer-to-peer mechanism within a LAN
– Exploits a total of four unpatched Microsoft vulnerabilities: two are the previously mentioned self-replication vulnerabilities and the other two are escalation-of-privilege vulnerabilities
– Contacts a command and control server that allows the hacker to download and execute code, including updated versions
– Contains a Windows rootkit that hides its binaries
– Attempts to bypass security products
– Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system
– Hides modified code on PLCs, essentially a rootkit for PLCs
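
Because the modified PLC code is hidden from the infected engineering workstation, a defender cannot trust that workstation's view of the controller. The sketch below is an added example, not code from the original post or from Siemens tooling: it compares the block list reported by the workstation with a read taken over an independent path and with hashes recorded at commissioning. The block names, the byte contents and the existence of an independent read path are assumptions constructed for illustration.

```python
import hashlib

def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()

def cross_view_diff(baseline, workstation_view, independent_view):
    """baseline: {block: sha256 hex} recorded at commissioning.
    workstation_view / independent_view: {block: bytes} as read through the
    engineering workstation and through a separate, trusted path (assumed).
    Returns a list of (block, finding) tuples, ordered by block name."""
    findings = []
    names = set(baseline) | set(workstation_view) | set(independent_view)
    for name in sorted(names):
        ws = workstation_view.get(name)
        ind = independent_view.get(name)
        # Cross-view check: a PLC rootkit shows up as disagreement between views.
        if ind is not None and ws is None:
            findings.append((name, "hidden from workstation view"))
        elif ind is None and ws is not None:
            findings.append((name, "reported by workstation only"))
        elif ind is not None and digest(ws) != digest(ind):
            findings.append((name, "views disagree"))
        # Baseline check: what is really on the controller vs. commissioning.
        if ind is None:
            if name in baseline:
                findings.append((name, "missing from independent read"))
        elif name not in baseline:
            findings.append((name, "not in baseline"))
        elif digest(ind) != baseline[name]:
            findings.append((name, "differs from baseline"))
    return findings

def demo():
    # Constructed sample data: byte strings stand in for compiled PLC blocks.
    good = {"OB1": b"main cycle", "FC100": b"drive setpoint logic"}
    baseline = {name: digest(code) for name, code in good.items()}
    workstation = dict(good)                      # the hidden-code view: looks clean
    independent = {"OB1": b"main cycle + extra call",
                   "FC100": b"drive setpoint logic",
                   "FC999": b"unexpected block"}
    return cross_view_diff(baseline, workstation, independent)

if __name__ == "__main__":
    for block, finding in demo():
        print(f"{block}: {finding}")
```
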

Targeted Attack!

The goal is not to blow up the centrifuge!
It will induce problems slowly, making sure that all sites get affected before problems surface.
It holds the aggressive DEADFOOT condition only for short periods, and then resumes undisturbed operation for periods of many days.

Results of the Stuxnet attack

In late 2009 or early 2010, Stuxnet destroyed about 1,000 IR-1 centrifuges out of about 9,000 deployed at Natanz FEP.
It rattled the Iranians, who were unlikely to know what caused the breakage.
It delayed the expected expansion of the plant.
It consumed a limited supply of centrifuges to replace those destroyed.






Posted on July 23, 2012 in Information Warfare

