Stuxnet malware

[electronicsfreak]

Interesting read

http://news.yahoo.com/s/csm/327178

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

 

[xit]

Very interesting indeed, a little usb drive could do untold damage. What matters is who is running the show.

xit

 

[Noway2]

This interesting document was released yesterday: Stuxnet_Dossier.pdf

It is a .pdf of a whitepaper from Symantec. It is 2.5MB long.

 

[IPGuru]

If I read things correctly this is hardly new
We were discussing the USB exploit at the end ouf August
Thread760-161-2534

I do not Have A.D.D. im just easily, Hey look a Squirrel!

 

[Noway2]

In that regard, Stuxnet is not new. It has actually been around a while and started receiving notoriety this summer. It continues to be analyzed and more fascinating information continues to be found out about it. If I recall correctly, yes, the USB exploit was the icon issue, one of the zero-day exploits in windows that this used.

So far it looks like it scores in several firsts in regards to its complexity and scale.
1 - it is probably the most complex piece of malware ever discovered.
2 - it is suspected as having been created by a national govt entity and used as a weapon against a specific target.
3 - It targets, industrial embedded computers (PLCs) that are (typically) significantly more hardened in both their hardware and software compared to conventional PCs
4 - it successfully uses the Man In The Middle attack to get around encryption certificates, using certificates from a "trusted" entity.
5 - it uses multiple (4) zero day exploits, including two previously unknown ones. Makes you wonder about the push to release the Windows source code a few years back.

While, in my opinion, it doesn't represent a direct threat to the commercial PC arena, it does take computer malware to a new level.