Son of Stuxnet

Who knows -- the world's only known about it for an hour...

The moral of the story (whatever the story is) is to make sure your industrial systems are properly protected. Especially if they're attached to the outside world.

Stuxnet was primarily targeted at Siemens - is Duqu? But, I'm also not aware of any Stuxnet "attacks" that weren't very specifically targeted.
 
I know nothing, but thanks for posting the link. My fear is that Duqu is a "revenge" worm.
 
http://www.eweek.com/c/a/Security/R...ly-Discovered-Duqu-Worm-is-Stuxnet-20-594465/

It looks like someone is trying to re-purpose Stuxnet, according to the article I linked. Lancie, I don't know if it's a revenge thing, or if it's someone digging for proprietary info on control systems. Symantec thinks that the virus is targeting control system manufacturers. There was another thread where it was suggested that something like this was a possibility, but I gotta wonder how well it's going to work: Stuxnet was a precision tool, Duqu seems to be less precise.
 
http://www.bbc.co.uk/news/technology-15367816

A better, more informative article from the beeb. The last paragraph is kind of interesting. Some of us discussed that very idea in this thread:

http://www.plctalk.net/qanda/showthread.php?t=64887

We pondered the idea of Anonymous doing it "for teh lulz" or doing it as part of a larger agenda, but kind of decided that they probably wouldn't bother. But DoHS says they might be trying to target control systems. Is that because DoHS has found credible evidence, or is it because they don't understand these kids and their newfangled internets? To say that I'm underwhelmed with the government's apparent knowledge when it comes to anything computer related is putting it very mildly. Or, another way to look at it, considering that Stuxnet might be an American product, would be to say that there is a small minority who know what they are doing, and a vast wasteland of idiots I wouldn't trust with a melon baller?
 
A lot of speculation by the "reporters" here. I suggest that you read the Symantec and McAfee reports to get the facts; even there it may not be obvious to determine fact from speculation.
From Symantec:
Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. (Speculation) While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.
Regardless, it is interesting to watch from a distance and eye-opening when the possibilities are thought through.
Plus the "speculations" on who is doing this?
 
Thanks Russ. I noticed a lot of speculation myself, and wondered how they were coming to those conclusions. As to who's doing it, Symantec thinks that whoever is doing it has the source code for Stuxnet, which was, as far as I know, never released. My guess, if that is true, is that whoever wrote Stuxnet in the first place might be gearing up to do something else? This raises the possibility that Symantec and McAfee may have disrupted an American or Israeli operation of some sort. If that's the case, though, it's difficult to feel sympathetic, considering that everyone has their eyes out for another Stuxnet-like event.
 
Good link. Thanks for the information.

Presumably someone could 'reverse engineer' Stuxnet to get at the source code??

Like using the old WinDASM (windows disassembler) as it was...?

One thing is for sure... this will be the first of many variants.
 
