Stuxnet virus attack: Russia warns of ‘Iranian Chernobyl’



'....But they have raised serious concerns about the extensive damage caused to the plant's computer systems by the mysterious Stuxnet virus, which was discovered last year and is widely believed to have been the result of a sophisticated joint US-Israeli cyber attack........'



Stuxnet worm sabotages Iran's nuclear program

'....The intelligence services of the United States (US) and Israel cooperated to produce a type of computer worm to sabotage Iran's efforts to build a nuclear bomb.......'

Could Stuxnet Mess With North Korea’s New Uranium Plant?


Kim Zetter and Spencer Ackerman



'....The Stuxnet worm may have a new target. While security analysts try to figure out whether the now-infamous malware was built to sabotage Iran’s nuclear program, North Korea has unveiled a new uranium enrichment plant that appears to share components with Iran’s facilities. Could Pyongyang’s centrifuges be vulnerable to Stuxnet?......'


Stuxnet Redux: Questions and Answers




' updated set of Questions and Answers on Stuxnet......'


Stuxnet knocks Natanz out for a week, hits Iran's air defense exercise




'....According to an exclusive report reaching DEBKAfile, Stuxnet is also in the process of raiding Iran's military systems, sowing damage and disorder in its wake.

On Nov. 17, in the middle of a massive air defense exercise, Iranian military sources reported six foreign aircraft had intruded the airspace over the practice sites and were put to flight by Iranian fighters. The next day, a different set of military sources claimed a misunderstanding; there had been no intrusions. Iranian fighters had simulated an enemy raid which too had been repulsed.......'


Is SAP afraid of a Stuxnet-style attack?

Jeremy Kirk



'....With SAP, "I think we may see something like that in the near future, but mostly now the concern is a direct attack, such as taking a system offline or modifying business information," Nuñez Di Croce said.  Stuxnet "was the shot across the bow of the industry," said Alex Ayers, director of operations for Turnkey Consulting, a U.K.-based company that also specializes in SAP security. "If you've got people who have the ability to do this, why should we assume that any ERP can't be targeted in the same way?".......'



Dean Picciotti and Gregory Montanaro

Source: Foreign Policy Research Institute



'....Michael Scheidell, Chief Technology Officer of SECNAP Network Security and a nationally recognized expert on cyberinfrastructure security, acknowledges that “Stuxnet’s complexity, multi-layered design, and range of technically disparate elements suggest that a large, well-funded team is responsible for its creation—possibly a nation-state. Some analysis also points to a highly specific target—a nuclear plant in Iran.  So you could conclude that a powerful entity, organization or country created Stuxnet in retaliation against Iran.  We may find another scenario at the end of the day, but this one looks good, given what we know now.”


U.S. nervously awaits next 

CBC News



'....The United States government and its diplomats around the world are nervously awaiting the latest release of Wikileaks documents, more than two million, expected late Friday or Saturday.

Officials said the documents may contain accounts of compromising conversations with political dissidents and friendly politicians.  They also could damage U.S. relations with allies around the world and result in the expulsion of U.S. diplomats from foreign postings......'


Stuxnet worm hits the black market

Stewart Meagher



'....The reason the virus has spread to so many unrelated and unconnected systems is because it was almost certainly delivered into the Iranian nuclear plant on a USB drive or similar portable storage device. Allowing the worm to propagate over hundreds of thousands of computers raises the chances that it will find itself installed on the chosen target exponentially. There is, of course, no evidence that the malware reached its intended target......'




WikiLeaks and Stuxnet - Smart Grid Wakeup Calls

By Jon Arnold (ICP), Founder, Intelligent Communications Partners



'......The past couple of weeks have been pretty seminal for anyone concerned about the state of Internet security and the bigger picture as to how much we could – do – and should – trust the Web. These two strange words – WikiLeaks and Stuxnet – have suddenly entered our lexicon and there is a lot to be concerned about in the world of smart grid.......'


The workings of a surreptitious worm

Avinash Celestine



'..........What does Stuxnet do when it eventually finds its true home? Crash the system? Get the plant to make large quantities of strawberry jam? What researchers found is that the worm causes the converter drives it targets to behave erratically — they speed up suddenly, behave normally for a while, then suddenly slow down to very low speeds........'


VIDEO: Watch the Stuxnet Worm at Work


The malware known as “Stuxnet” — a cyber weapon that targets critical industrial control systems, primarily in nuclear plants — has been one of the most significant cyber security events in recent years. Security firm Symantec has posted an informative video demonstration of how this sophisticated malware operates.


Iran forms elite security unit after Stuxnet assassination

Aharon Etengoff



'.......Tehran has formed an elite security unit to protect nuclear scientists after failing to prevent the assassination of a high-level Stuxnet expert attempting to counter the voracious worm........'


Stuxnet super virus



'........The Stuxnet super virus is a new breed of viruses which is worrying governments across the globe. It has already disrupted the Iran Nuclear programme earlier this year. Latest reports from various news sources suggest it is now on the black market and could be used by terrorists........'


Top Security Predictions for 2011

By Tony Bradley



'.......A MessageLabs blog post explains, "One of the most threatening advances in malware during 2010 broadened the range of targets beyond PCs and servers when the Stuxnet Trojan attacked programmable logic controllers. This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution.......'


Iran admits Stuxnet worm messed with nuke plant



'..........In a news conference reported by the BBC, the outspoken leader confirmed that some of the centrifuges used in Iran's uranium enrichment programme had been compromised by the Stuxnet worm, but that the effect was limited.......'


Iran Confirms Stuxnet Worm Halted Centrifuges



'..........Country Had Previously Denied that the Computer Worm Had Affected Its Controversial Nuclear Program. Iran has previously denied the Stuxnet worm, which experts say is calibrated to destroy centrifuges, had caused any damage, saying they uncovered it before it could have any effect.  But President Mahmoud Ahmadinejad has said it "managed to create problems for a limited number of our centrifuges." Speaking to a press conference Monday, he said the problems were resolved............'


Iran: Yes, Stuxnet hurt our nuclear program

By Larry Dignan



'...........The Stuxnet worm got some big play from Iranian President Mahmoud Ahmadinejad, who acknowledged that the malware dinged his nuclear program..........'


Stuxnet could signal shift in malware

Shaun Nichols



'........."This specialised malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution," he said in a blog post..........'


Stuxnet researchers cautious about Iran's admission of centrifuge issues

By Gregg Keizer



'.........Symantec researchers want confirmation that uranium enrichment centrifuges were hit by worm, but proof may be impossible.........'


Stuxnet was custom made for nuclear plant

by John Lister



'...........Now Orla Cox of Symantec reports that close examination of the Stuxnet code shows that it is specifically designed to target the controllers that operate motors at frequencies between 807 and 1210 Hz. There are very few types of equipment that run at this speed, and they include the centrifuges used in uranium enrichment.......'


Stuxnet may initiate cyber-terrorism



'...........Studies show that 60% of the 45 K infected computers by Stuxnet worldwide were in Iran, which makes it the first target of a “cyberwarfare”. Yet China, Indonesia and India are also subjected to the threat of this super computer virus, which possesses the power to become a threat to the countries’ national security..........'


Death in Teheran: Stuxnet Continued

by Roger L Simon



'...........According to (the often-unreliable-but-frequently-fascinating) Debka file, the scientist assassinated — Majid Shahriari — was in charge of their program to deal with the Stuxnet malware that has infected Iranian computers. At that same time, Ahmadinejad publicly admitted setbacks. This isn’t a great time to be an Iranian nuclear scientist...........'


Report: Iran Confirms Stuxnet Hit Centrifuges

By Robert McMillan


'...........Security researchers now believe that Stuxnet had at least two targets: centrifuges such as the ones Ahmadinejad referred to on Monday, and another type of industrial system targeted with what's known as the worm's 417 attack code........'


Iran admits cyberattack hit nuke programme

By Chris Williams



'..........."They were able to create problems on a limited basis for some of our centrifuges by software installed in electronic equipment," Ahmadinejad said. Security analysts have speculated for months that Stuxnet is a digital weapon aimed at Iran's nuclear facilities at Bushehr and Natanz.......'



Eset security research fellow says Stuxnet reporting is OTT



'...........Reporting on the Stuxnet malware has reached new heights - or lows, depending on your point of view. According to David Harley, a security research fellow with Eset, the Sky News video report on the malware of late last week was more 'planet fantasy' than anything else.....'




MyCERT Advisories


MyCERT Alert – Malware Targeting Simatic WinCC and Simatic PCS 7 SCADA Systems


'.........MyCERT has observed a targeted attack carried out by a malware known as Stuxnet. The targeted softwares are Siemens’ Simatic WinCC and Simatic PCS 7 and according to other security analysts the attack had started on July 14th 2010. The malware is currently spreading via USB sticks and exploits a critical vulnerability in the Microsoft Windows operating system (CVE-2010-2568), which is connected with the database system of Simatic WinCC and Simatic PCS 7. MyCERT had previously released an advisory on the Microsoft critical vulnerability. [2]......'


MyCERT Alert – Critical Vulnerability in Microsoft Windows


'............A critical vulnerability (CVE-2010-2568) has been identified in the Microsoft Windows that executes code specified in shortcut files (.LNK). The vulnerability, if successfully exploited could potentially allow an attacker to execute arbitrary code with the privileges of the user on the affected system.  The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. Essentially, this vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. MyCERT is aware that a '0-day' exploit is being exploited in the wild at the time of the publication of this advisory...............'


W32.Stuxnet Dossier

Nicolas Falliere, Liam O Murchu, and Eric Chien



'....Stuxnet was discovered in July, but is confirmed to have existed at least one year prior and likely even before. The majority of infections were found in Iran. Stuxnet contains many features such as:


  • Self-replicates through removable drives exploiting a vulnerability allowing auto-execution.
  • Spreads in a LAN through a vulnerability in the Windows Print Spooler.
  • Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
  • Copies and executes itself on remote computers through network shares
  • Copies and executes itself on remote computers running a WinCC database server
  • Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is loaded.
  • Updates itself through a peer-to-peer mechanism within a LAN
  • Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
  • Contacts a command and control server that allows the hacker to download and execute code, including updated versions.
  • Contains a Windows rootkit that hides its binaries.
  • Attempts to bypass security products.
  • Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system.
  • Hides modified code on PLCs, essentially a rootkit for PLCs.

A new tool in the fight against malware

Source: Team Cymru



'....The tool, called “WinMHR,” is an extension of the “Malware Hash Registry” (MHR), an anti-malware service that Team Cymru has offered for several years. The MHR is a large repository of the unique fingerprints or “hashes” that correspond to millions of files that have been identified as malicious by dozens of anti-virus firms and other security experts over the years.....'


Microsoft fixes record 49 holes, including Stuxnet flaw

by Elinor Mills



'....Meanwhile, Microsoft provided a priority list for the 16 bulletins being released, which fix 6 holes that are rated "critical." Four vulnerabilities are singled out because there are likely to be exploits developed for them, according to a Microsoft blog that assesses the risks of the various vulnerabilities......'



India detected Stuxnet in July

Nick Farrell



'......Singh warned that Stuxnet was targeting certain components of SCADA systems. The trojan, or a computer mole, installed by the malware detects SIMATIC WinCC and PCS 7 software programmes from Siemens, devised for SCADA systems, and makes queries to any discovered databases by using default passwords........'


EU Agency Says Stuxnet Portends Future Sophisticated Attacks

Dennis Fisher



'.......The European agency responsible for protecting the critical infrastructure of EU countries is warning its member states that the Stuxnet attack represents a major change in the malware landscape and that they should be prepared for further attacks with the same level of sophistication and professionalism.......'


Stuxnet worm targets industrial infrastructure



'......Stuxnet exploits five different vulnerabilities, four of which were 0-days:

LNK (MS10-046)

Print Spooler (MS10-061)

Server Service (MS08-067)

Privilege escalation via Keyboard layout file

Privilege escalation via Task Scheduler

The two Privilege escalations have not yet been patched.........'


Cyber Warfare: Stuxnet Worm Attacks Nuclear Site in Iran

Aaron Saenz



'.......The Bushehr nuclear power plant in Iran was the most likely target of the recent Stuxnet worm – a computer virus designed to disrupt and damage industrial equipment. According to the AFP, more than 30,000 IP addresses have been infected in Iran.......'


Stuxnet malware is a paradigm shift in the war to protect critical infrastructure



'.......The Stuxnet malware uses several vulnerabilities in the underlying Windows operating system for infection and propagation. Infection works via USB drives or open network shares. A root kit component hides the content of the malware on infected systems.........'


Control Systems are Not Safe – Stuxnet Worm Raises Security Concerns in India




'......According to the New Scientist, “…it is the first piece of malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves in an industrial plant…” and furthermore, “…In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water contaminated with effluent at a sewage treatment plant, or the valves in an oil pipeline opened, contaminating the land or sea….”........'


Time to attack cyber crime with a strong security policy

Alan Dupont



'......Defence is a prime target; there has been an alarming increase in attacks against Australian Defence networks this year. In the US, the head of the new Cyber Command revealed the Pentagon's systems are probed by unauthorised users about 6 million times a day. Total losses to cyber crime globally may be as high as $1 trillion.........'




'.......“We can confirm that Insat-4 B doesn’t have a PLC. So the chances of the Stuxnet worm attacking it appear remote. In PLC’s place, Insat-4 B had its own indigenously-designed software which controlled the logic of the spacecraft,’’ said a source........'


Stuxnet worm ‘work of a government’



'......A computer worm which targets industrial and factory systems is almost certainly the work of a national government agency, security experts told the Guardian – but warn that it will be near-impossible to identify the culprit.........'


Iran makes Arrests After Stuxnet Attacks on Nuclear Facilities



'.......Commenting on the whole matter some analysts stated that Stuxnet malware may have been intended to target Iran's nuclear facilities, particularly the Russian-built first atomic power plant located in the southern city of Bushehr.......'


Cyber threat: Isro rules out Stuxnet attack on Insat-4 B




'......Speaking to TOI from Bangalore on Monday, Isro officials, requesting anonymity, said that the worm only strikes a satellite’s programme logic controller (PLC).........'


Alert India averted Stuxnet bug threat

Sanjay Dutta



'......On July 24, CERT-In director general Gulshan Rai wrote to oil ministry director (vigilance) P K Singh and power ministry saying they had detected a malware that was exploiting a recently-disclosed zero-day vulnerability in Microsoft Windows Shell that was improperly handling shortcut files.....'


Adrift In Cyberspace

Ilan Berman



'.....The mysterious software being billed as the world’s first “cyber superweapon” made headlines last month when it was determined to be the source of a major attack on Iran’s nuclear facilities......'


Iran nuclear spies 'not behind Stuxnet'



'.......The Iranian intelligence minister has dismissed reports that nuclear spies who were recently arrested in Iran have been behind the spread of the Stuxnet computer worm.....'


Smart Grid Cyber-Security Gains Traction

Chris Haneback



'.......Take the intrusion of smart meters, for example. Scott Borg, head of the U.S. Cyber Consequences Unit, stated that it is feasible to attack large numbers of smart meters, which implies that any false sense of security derived from the fact that the large systems seem safe is very dangerous.....'



Stuxnet computer worm hits Iran’s nuke plant



'.......The Stuxnet is the first known worm to target critical industrial infrastructure. Computer security experts believe that it was a deliberate attack but they give no answer to the question - who has done it.....'


Was China Behind Stuxnet?

By Jason Miks



'....In response, Carr says DTH service provider SunDirect ‘ordered its servicemen to redirect customer satellite dishes to point to ASIASAT-5, a Chinese satellite owned and operated by Asia Satellite Telecommunications Co.’ Carr notes that one of AsiaSat’s two primary shareholders is a state-owned Chinese investment country.....'


Stopping the Next Stuxnet

Austin Bay



'....Enter the Stuxnet computer virus, first detected this past summer. If Stuxnet is not "weaponized malware" designed to strike a specific target and achieve specific military results, it is certainly an improved cyber-attack tool and a step closer to the dam-busting malware scenario.....'


European Cyber Warfare Event to address UK Strategic Defence Review



'.....Expert theory on the subject has indicated that in the event of cyber war, a nation could be most under threat from attacks on its transport services, health services or power supplies, or from large-scale financial fraud that could cripple the economy.....'



For Utilities, Stuxnet Worm Poses Real Threat to SCADA (and Business as Usual)

Andy Bochman



'.....By the way, the two-way power and data flow of the Smart Grid, a great enabler of hacking and attacking, will also improve our ability to do post mortems on cyber incidents. But as with many other types of cyber crime across the Web, it will often be super difficult to pin down the originator......'



Stuxnet: The Hitman Of Malware

Stan Shyshkin



'.....“It’s looking for specific things in specific places in these PLC devices. And that would really mean that it’s designed to look for a specific plant,” said Dale Peterson, CEO of Digital Bond....'



Stuxnet worm causes industry concern for security firms

By Rodney H. Brown



'.....“Systems that have never been considered as having a cyber dimension before have been exposed to what in other mediums is a traditional threat,” said Sam Curry, chief technologist for RSA, and CTO of global marketing for the security division of EMC Corp., which bought Bedford-based RSA Security Inc. for $2.1 billion in 2006......'



Stuxnet worm shows critical infrastructure attacks no longer just Hollywood hype

Harry Sverdlove



'.....Until the Stuxnet worm came to light, these types of attacks were more Hollywood fantasy than cyber reality. Now, the game has changed and the Stuxnet worm is bringing up important IT security issues that need to be addressed......'



France Warned of New Terror Threat



'.....Last month an alleged terror plot was unearthed that was said to threaten France, Britain, and Germany. Security sources said the plot was linked to al-Qaida and would have seen gunmen attack the streets of some of Europe’s largest cities.....'



Does Stuxnet herald the age of cyber warfare?

By Barry Neild



'.....Iranian officials have decried Stuxnet as an act of “computer terrorism” perpetrated by the “domineering powers.” They could be right, say experts who believe the worm’s potency and sophistication point to a possible state-sponsored cyber attack and perhaps a new era of warfare.....'



Cyber warfare has arrived

By Tomas Heard



'....In 1981, CIA director William J. Casey was informed of Soviet plans to steal Canadian industrial software to automate gas pipelines. In response, the CIA hatched a bold plan to create a software “Trojan Horse” which would hijack pumps and valves to create a catastrophic build-up in pressure....'



Stuxnet Worm Responsible for Destroying Indian Satellite



'....While Stuxnet had made its way to the Iran's first nuclear power plant, Carr stated that the Indian Space Research Organization (ISRO), which utilized the flaw Siemens devices, had also fallen prey to the Stuxnet worm......'





Stuxnet Malware

Thomas Brandstetter



'....Official communication presented at CIP Seminar 02-11-2010 by Thomas Brandstetter.....'




UK nuke station denies Stuxnet shutdown

Chris Williams



'....EDF declined to give a detailed technical explanation for the ongoing outage, citing regulations that forbid the release of such information. The regulations are designed to prevent distortion of the energy market based on speculation over when electricity production may resume......'




Stuxnet: An Amateur's Weapon

Gadi Evron



'....The same parameters apply with cyberattacks. From a technological standpoint, Stuxnet is very advanced and costly. It uses four vulnerabilities that hadn't been seen before to exploit computer systems for access. One of these enables an attacker to infect a computer by merely inserting a USB key........'




Security Firms Scramble For SCADA Talent After Stuxnet

Paul Roberts



'...."We realize we need new knowledge, but not new skills," O' Murchu said. "It's not like Stuxnet changes how AV researchers work, but new fields of expertise are needed. This is an area we're not well equipped for." ......'




The secret cyber war between India and China accelerates

By Surinder Khanna



'....While Chinese hackers are known to target Indian government websites, the scale and sophistication of Stuxnet suggests that only a government no less than that of countries like US, Israel or China could have done it. "I think it's more likely that China is behind Stuxnet than any other country," says American cyber warfare expert Jeffrey Carr.......'



EU Agency analysis of ‘Stuxnet’ malware: a paradigm shift in threats and Critical Information Infrastructure Protection




'....Large scale attacks on Critical Information Infrastructure need a coordinated reaction, involving the key players from both public and private sector. No Member State, hardware/software vendor, CERT or law enforcement agency can successfully mitigate sophisticated attacks like Stuxnet on their own......'






'.....The following indicator list was developed by ICS-CERT and will be useful in detecting malicious files in systems infected with Stuxnet. Tests were performed on two systems. One system was a new installation of Windows XP SP3 that was subsequently infected with Stuxnet. The other machine was the same Windows configuration but also included Siemens WinCC and STEP 7 software installations. Based on these tests, ICS-CERT has determined that these indicators fall into two groups. Some indicators appear on systems whether or not they have Siemens WinCC/STEP 7 installed, and the others only appear on systems with WinCC/STEP 7 installed......'


'Stuxnet created by Siemens insider'

Press TV



'....The worm may have been written by someone with detailed knowledge of Siemens' computer systems, Graham Cluley said on Friday. Speaking to Computer and technology news website, V3, Cluley said the person may possibly be a current or former employee of the German industrial giant whose control systems are widely used to manage industrial facilities such as oil rigs and power plants.  .....'


Iran Says It Arrested Computer Worm Suspects




'....Iran confirmed last week that the Stuxnet worm, a malicious self-replicating program that attacks computers that control industrial plants, had infected computers in its nuclear operations. Officials said it had been found in personal computers at the Bushehr nuclear plant, a power generator that is not believed to be part of a weapons program, and that it had not caused “serious damage” to government systems.......'


Russian experts flee Iran, escape dragnet for cyber worm smugglers



'....One of the Russian nuclear staffers, questioned in Moscow Sunday, Oct. 3 by Western sources, confirmed that many of his Russian colleagues had decided to leave with their families after team members were detained for questioning at the beginning of last week. He refused to give his name because he and his colleagues intend to return to Iran if the trouble blows over and the detainees are quickly released after questioning.......'