[SYM] [GIZ] New Version of Stuxnet-Related Cyber Weapon Discovered

post #1 of 7
Thread Starter 
Quote:
Based on the similarity in code, whoever wrote Duqu, researchers say, either also wrote Stuxnet or had access to the powerful worm’s source code, which was never made public. As of November of last year, the original Duqu worm was believed to have infected systems in countries from Vietnam to France, including Iran.

Source
Quote:
Checking the code we can see the authors have changed just enough of the threat to evade some security product detections, although this appears to have only been partially successful. One of the more significant changes to the code is the encryption algorithm they use to encrypt the other components on disk.

…Another difference is the old driver file was signed with a stolen certificate, and this one is not. Also the version information is different in this new version compared to the previous version we have seen. In this case, the Duqu file is pretending to be a Microsoft Class driver.

Alternate Source


Well, this is concerning; it seems it can actually pretend to be an actual driver that's verified :/ I put two sources in, as Gizmodo and ABC both did their own digging with this, and both articles are worth a read.
Edited by scotty453 - 3/24/12 at 10:10am
    
post #2 of 7
You'd think major military infrastructure would use Unix, Linux or at least a custom Windows....
post #3 of 7
Well if it's Stuxnet related... don't worry too much OP, unless of course you have a massive uranium refining operation underway in your basement.
post #4 of 7
Holy crap, I knew this would happen. When Stuxnet came out I was thinking, oh boy, here we go, only a matter of time till it gets dissected, modified, and re-released... this is not a good sign.
post #5 of 7
The ABC link 404s and the Giz article is really short. Symantec has a much more detailed write-up: http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild
 
post #6 of 7
The problem is if the virus is modified to affect PLCs other than just the Siemens ones used in the centrifuges. There are countless industries and utilities out there that rely on PLCs and the computers that control them (to the other poster - most of this software is written for Windows OS I believe) and this virus being highly modular, it would be quite easy to modify.
post #7 of 7
Quote:
Originally Posted by MGX1016 View Post

You'd think major military infrastructure would use Unix, Linux or at least a custom Windows....


I'm sure this will put pressure on Siemens to add Linux support to their software.
