Sophisticated 'malware' targeted high value targets in Iran
A computer worm that infects machines that are generally not connected to the internet has been spreading like wildfire since June. According to Symantec, makers of the Norton anti-virus system, which is one of the most popular such systems in the world, some 60% of the infections are based in Iran. Was someone trying to damage Iran's nuclear efforts?Stuxnet was first detected in June by a security firm based in Belarus, but may have been circulating since 2009.Experts believe that the worm is so sophisticated that it could only have been developed by a nation state. Hmmm. Would we do something like that?
Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.
Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware.
Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens.
Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions.
"[PLCs] turn on and off motors, monitor temperature, turn on coolers if a gauge goes over a certain temperature," said Mr O'Murchu.
"Those have never been attacked before that we have seen."
If it does not find the specific configuration, the virus remains relatively benign.
However, the worm has also raised eyebrows because of the complexity of the code used and the fact that it bundled so many different techniques into one payload.
"There are a lot of new, unknown techniques being used that we have never seen before," he said These include tricks to hide itself on PLCs and USB sticks as well as up to six different methods that allowed it to spread.
In addition, it exploited several previously unknown and unpatched vulnerabilities in Windows, known as zero-day exploits.
"It is rare to see an attack using one zero-day exploit," Mikko Hypponen, chief research officer at security firm F-Secure, told BBC News. "Stuxnet used not one, not two, but four."
He said cybercriminals and "everyday hackers" valued zero-day exploits and would not "waste" them by bundling so many together.
Microsoft has so far patched two of the flaws.
Read the whole thing.
1 Comments:
You bet.
I wonder if they can mess up Ahmedinejad's jet control system so it'll crash somewhere?
You never just know.
I'd bet smart money it was Smart Jews that hacked Iran's computer network.
If they are behind it, mum's the word in Israel.
Heh
Post a Comment
<< Home