Precursor To the Next Stuxnet? 49
An anonymous reader writes "On Oct. 14, 2011 Symantec was alerted to a malware sample from some recovered computers that demonstrated code similar to Stuxnet. This code however appears to serve a different purpose, apparently laying the groundwork for a future Stuxnet type of attack." Quoting Symantec: "The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."
After all the publicity Stuxnet created... (Score:2)
Re: (Score:3)
Not to mention that Stuxnet showed that one could do a major attack against a country without a single shot being fired.
Additionally, I'm sure the IRG has a bunch of coders looking to exact revenge... and there are a lot of IT departments run by lazy PHBs who believe in the slogan, "I can just call Geek Squad if we get hacked... otherwise it is too expensive to bother with security."
So, seeing something Stuxnet based is not a surprise... I just wonder what will be attacked first, some power company whose id
Re: (Score:2)
So, seeing something Stuxnet based is not a surprise... I just wonder what will be attacked first, some power company whose idea of security is ...
That's what first occurred to me. The last time we discussed this, a host of security people showed up to testify about the rampant lack of security they'd seen in this area. No air gap, the boss wants to access it from home, default passwords never changed, & etc. What Stuxnet really proved was how vulnerable many very important, powerful, and dangerous systems are. I mean, geez, viruses infiltrating Predator drone control networks? Yikes. Monumental failure doesn't begin to describe it.
Re: (Score:2)
Oh, and to finish this, what the US/Israel/$whoever could do to Iran, Iran can do to US/Israel/$whoever.
Re: (Score:2)
No. None of the above. Stux
You haven't been following (Score:1)
Re: (Score:1)
Re: (Score:2)
They wouldn't have to visit the site, just infect the USB drive of someone visiting the site. It'd be a lot easier to target someone who would have reason to visit the site, including foreign contractors.
Re: (Score:2)
They wouldn't have to visit the site, just infect the USB drive of someone visiting the site. It'd be a lot easier to target someone who would have reason to visit the site, including foreign contractors.
This is true and that may be how it happened with Stuxnet. If so, it may also have been the primary reason that Stuxnet met with limited success at best. Stuxnet spread too much for its own good. It was detected and analyzed a lot earlier than I suspect its creator would have preferred. The other thing that was likely unanticipated was that the size, complexity, and uniqueness of the code would attract attention from people with the drive to solve mysteries, the knowledge to actually attack the code, an
Original Authors? (Score:2)
The threat was written by the same authors (or those that have access to the Stuxnet source code)
Erm, the stuxnet code was released online, no?
Re:Original Authors? (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
That's funny, there was lots of talk about the code being out there. I never had much interest in looking for it though... I guess it was all BS.
I thought there was a lot of talk about the code, not about it being out there. You can get pretty far by just looking at the binaries.
Re: (Score:2)
Unless someone reverse-engineered the object code. It's been done for lesser reasons.
Duqu? (Score:3)
Duqu? Like the count?
Programmers are Star Wars nerds, Film at 11.
Next year, we'll have a worm called 4n4k1n which melts hard drives as if they were dropped into molten lava. Damn, evil geniuses used to give their doomsday weapons classy names like "Ice-9" or "Moonraker" or "Britney Spears".
Re: (Score:2)
*This is not the post you are looking to Buzz Kill with facts from the article*
Re: (Score:1)
Well, my guess would be that Dairy Queen is the author, they are planning to infect the ice cream factories to create a shortage of ice cream to increase their prices. The research lab discovered this, of course, but were paid off by Dairy Queen to keep it a secret, thus DQ is perverted into Duku to remove suspicion.
Hey, if at first you succeed... (Score:3)
Then you are clearly onto something good!
Seriously, if anyone thought that either a, whoever built Stuxnet or b, all those who said "Wow, that worked well..." wouldn't be stumbling over one another to release ver 2.0 either had their head buried in the sand, or there are pink unicorns farting rainbows in their existence.
I would go further again and say that if anyone thinks that the mega-corporations might not be looking at possible similar little ideas to say knock out a competitors new product range of TVs or to cause problems in that new line of cars with wifi spots is also sadly mistaken. It's not to say that I have a tinfoil hat on or the like, but this is "serious business" when it comes to potentially millions and millions of dollars. Just look at all the fuss and bad press that Toyota got when they had their "funny accelerator pedal" problem a while ago. I can't even remember what the eventual cause was, I do recall reading a number of amusing possible scenarios like particles from space, people getting confused with the pedals and a bunch more - but what if the next time it was simply a virus engineered by a rival manufacturer?
Re: (Score:2)
I can't even remember what the eventual cause was
Loose nuts behind the steering wheels.
Re: (Score:2)
"but what if the next time it was simply a virus engineered by a rival manufacturer?"
- or a virus engineered by somebody who wanted to short a company's stock...
Re: (Score:2)
"but what if the next time it was simply a virus engineered by a rival manufacturer?"
- or a virus engineered by somebody who wanted to short a company's stock...
See, you're getting it now!
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Seriously, if anyone thought that either a, whoever built Stuxnet or b, all those who said "Wow, that worked well..." wouldn't be stumbling over one another to release ver 2.0 either had their head buried in the sand, or there are pink unicorns farting rainbows in their existence.
It will be interesting to see if it does occur. A couple of interesting points:
Re: (Score:2)
Re: (Score:1)
I would go further again and say that if anyone thinks that the mega-corporations might not be looking at possible similar little ideas to say knock out a competitors ... Toyota got when they had their "funny accelerator pedal" problem a while ago. I can't even remember what the eventual cause was,
No major corporation would ever do this. Not because they are benevolent, but because the penalty for being caught would be huge: possible bankruptcy and liquidation following massive lawsuit and criminal investigation, plus jail time for the executives. Governments can get away with this because they write the laws and can enforce secrecy. Corporations will eventually be ratted out by their subcontractors.
Toyota: the problem was proven to be entirely due to driver error except due to a few cases of f
Re: (Score:2)
Re: (Score:2)
Maybe not such a bad thing... (Score:2)
Lovely! (Score:1)
Maybe Symnatec can let them attack Iran properly this time?
Re: (Score:2)
One word answer : money. Any mega-corp, and most midi- and mini- corps, will do pretty much anything for money. It's in the nature of being in business.
Why is it difficult to understand this?
Small attack vector (Score:1)
It seems that changing target from Siemens to NeXT is a very inefficient way to increase your attack vector. I mean how many NeXT computers are still around these days? ... And yeah, I know , but I really cant be bothered to read anything more than the headline of the articles these days.
Lot's of speculation (Score:2)
The trojan uses the exact same mechanism as Stuxnet, and has the same compilation date stamp.
This proves that the authors of Stuxnet are behind this? Really?
That stamp would be one of the first things I spoofed.