Stuxnet is this new stuff man or something.Anyone heard about Stuxnet?
-
CaptainBlood
- Newbie
- Posts: 2
- Joined: 18 Jul 2010, 16:32
- 13
Anyone heard about Stuxnet?
Stuxnet is this new stuff man or something.
Re: Anyone heard about Stuxnet?
old news 
"Siemens is scrambling to respond to the problem as the Stuxnet worm -- first reported late last week -- starts to spread around the world. Symantec is now logging about 9,000 attempted infections per day, according to Gerry Egan, a director with Symantec Security Response.
The worm spreads via USB sticks, CDs or networked file-sharing computers, taking advantage of a new and currently unpatched flaw in Microsoft's Windows operating system. But unless it finds the Siemens WinCC software on the computer, it simply copies itself wherever it can and goes silent.
Because SCADA systems are part of the critical infrastructure, security experts have worried that they may someday be subject to a devastating attack, but in this case the point of the worm appears to be information theft.
If Stuxnet does discover a Siemens SCADA system, it immediately uses the default password to start looking for project files, which it then tries to copy to an external website, Egan said.
"Whoever wrote the code really knew Siemens products," said Eric Byres, chief technology officer with SCADA security consulting firm Byres Security. "This is not an amateur."
By stealing a plant's SCADA secrets, counterfeiters could learn the manufacturing tricks needed to build a company's products, he said.
Byres' company has been flooded with calls from worried Siemens customers trying to figure out how to stay ahead of the worm.
US-CERT has put out an advisory (ICS-ALERT-10-196-01) for the worm, but the information is not publicly available. According to Byres, however, changing the WinCC password would prevent critical components of the system from interacting with the WinCC system that manages them. "My guess is you would basically disable your whole system if you disable the whole password."
That leaves Siemens customers in a tough spot.
They can, however, make changes so that their computers will no longer display the .lnk files used by the worm to spread from system to system. And they can also disable the Windows WebClient service that allows the worm to spread on a local area network. Late Friday, Microsoft released a security advisory explaining how to do this.
"Siemens has started to develop a solution, which can identify and systematically remove the malware," Siemens' Krampe said. He didn't say when the software would be available.
The Siemens system was designed "assuming that nobody would ever get into those passwords," Byres said. "It's an assumption that nobody will ever try very hard against you."
The default username and passwords used by the worm's writers have been publicly known since they were posted to the Web in 2008, Byres said."
DNR
"Siemens is scrambling to respond to the problem as the Stuxnet worm -- first reported late last week -- starts to spread around the world. Symantec is now logging about 9,000 attempted infections per day, according to Gerry Egan, a director with Symantec Security Response.
The worm spreads via USB sticks, CDs or networked file-sharing computers, taking advantage of a new and currently unpatched flaw in Microsoft's Windows operating system. But unless it finds the Siemens WinCC software on the computer, it simply copies itself wherever it can and goes silent.
Because SCADA systems are part of the critical infrastructure, security experts have worried that they may someday be subject to a devastating attack, but in this case the point of the worm appears to be information theft.
If Stuxnet does discover a Siemens SCADA system, it immediately uses the default password to start looking for project files, which it then tries to copy to an external website, Egan said.
"Whoever wrote the code really knew Siemens products," said Eric Byres, chief technology officer with SCADA security consulting firm Byres Security. "This is not an amateur."
By stealing a plant's SCADA secrets, counterfeiters could learn the manufacturing tricks needed to build a company's products, he said.
Byres' company has been flooded with calls from worried Siemens customers trying to figure out how to stay ahead of the worm.
US-CERT has put out an advisory (ICS-ALERT-10-196-01) for the worm, but the information is not publicly available. According to Byres, however, changing the WinCC password would prevent critical components of the system from interacting with the WinCC system that manages them. "My guess is you would basically disable your whole system if you disable the whole password."
That leaves Siemens customers in a tough spot.
They can, however, make changes so that their computers will no longer display the .lnk files used by the worm to spread from system to system. And they can also disable the Windows WebClient service that allows the worm to spread on a local area network. Late Friday, Microsoft released a security advisory explaining how to do this.
"Siemens has started to develop a solution, which can identify and systematically remove the malware," Siemens' Krampe said. He didn't say when the software would be available.
The Siemens system was designed "assuming that nobody would ever get into those passwords," Byres said. "It's an assumption that nobody will ever try very hard against you."
The default username and passwords used by the worm's writers have been publicly known since they were posted to the Web in 2008, Byres said."
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.