
Friday, September 24, 2010

Sophisticated 'malware' targeted high value targets in Iran

A computer worm that infects machines that are generally not connected to the internet has been spreading like wildfire since June. According to Symantec, makers of the Norton anti-virus system, which is one of the most popular such systems in the world, some 60% of the infections are based in Iran. Was someone trying to damage Iran's nuclear efforts?

Stuxnet was first detected in June by a security firm based in Belarus, but may have been circulating since 2009.

Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.

Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware.

Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens.

Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions.

"[PLCs] turn on and off motors, monitor temperature, turn on coolers if a gauge goes over a certain temperature," said Mr O'Murchu.

"Those have never been attacked before that we have seen."

If it does not find the specific configuration, the virus remains relatively benign.

However, the worm has also raised eyebrows because of the complexity of the code used and the fact that it bundled so many different techniques into one payload.

"There are a lot of new, unknown techniques being used that we have never seen before," he said. These include tricks to hide itself on PLCs and USB sticks as well as up to six different methods that allowed it to spread.

In addition, it exploited several previously unknown and unpatched vulnerabilities in Windows, known as zero-day exploits.

"It is rare to see an attack using one zero-day exploit," Mikko Hypponen, chief research officer at security firm F-Secure, told BBC News. "Stuxnet used not one, not two, but four."

He said cybercriminals and "everyday hackers" valued zero-day exploits and would not "waste" them by bundling so many together.

Microsoft has so far patched two of the flaws.

Experts believe that the worm is so sophisticated that it could only have been developed by a nation state. Hmmm. Would we do something like that?

Read the whole thing.

1 Comments:

At 1:36 PM, Blogger NormanF said...

You bet.

I wonder if they can mess up Ahmadinejad's jet control system so it'll crash somewhere?

You never just know.

I'd bet smart money it was Smart Jews that hacked Iran's computer network.

If they are behind it, mum's the word in Israel.

Heh

 
