Symantec Uncovered Stuxnet’s Code
According to a document Symantec published recently, the security company has analysed the code of Stuxnet, the worm that attacked a nuclear processing plant in Iran. ReadWrite Hack reported this on June 28, 2011.
On July 20, 2010, Symantec began tracking web traffic to Stuxnet's C&C servers. It found around 40,000 distinct IP addresses from around 155 countries. According to Symantec, the plant's network had a so-called "air gap" between the computers that communicated with the Siemens controllers and the plant's ordinary business network, which was connected to the Internet.
Since the infections clustered in Iran, that country was probably the worm's first target. Although Stuxnet is targeted malware, its use of broad propagation methods suggests it spread well beyond the initial point of attack.
Reportedly, Stuxnet's creators attacked 5 probable subcontractors of the plant, expecting that eventually one of their employees would bring an infected notebook PC into the plant and load programs onto the controller computers from an external drive. From there, using a new zero-day exploit, the worm altered the icon of a Windows file in Explorer so that merely viewing it compromised the system.
By February 2011, Symantec had collected 3,280 distinct samples of 3 separate variants. Each new Stuxnet infection records information about the system it lands on, and from this data Symantec concluded that Stuxnet carried out a targeted attack on 5 separate organizations, based on the registered domain names of the infected PCs.
Describing Stuxnet's effect, Symantec said it spun the centrifuges at excessive frequencies, causing large-scale destruction. Meanwhile, the worm replayed the previous two weeks of controller traffic to the plant operators, so no suspicion arose until the systems began to malfunction. It also disabled the controllers' built-in kill switches, which prevented the systems from shutting down.
Symantec cautions that Stuxnet's creators may deliver something more dangerous next time.
» SPAMfighter News - 06-07-2011