Stuxnet Paper Updated
Speculation continues to rage about Stuxnet, now rumoured to have infected an English nuclear powerplant , though French owners EDF have denied it. But at least the estimable Rob Rosenberger shares my dislike of what he calls "this fetish for sexy computer news" in a recent SecurityCritics newsletter, and cites my recent blog at (ISC)2 as well as luminaries such as Bruce Schneier, Mary Landesman, and Chet Wisniewski.
In the meantime, the "Stuxnet under the microscope" white paper has been updated.today on the ESET white papers page: details follow.
Stuxnet Under the Microscope
By Alexandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho, September 2010
Version 1.2 of a comprehensive analysis of the Stuxnet phenomenon, updated to include pointers to additional resources and some further information on the Task Scheduler exploit as yet unpatched.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
One Response to “Stuxnet Paper Updated”
Leave a Reply
- David Harley (743)
- Randy Abrams (431)
- Cameron Camp (111)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (29)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
November 9th, 2010 at 7:56 am
Could you tell me about the task scheduler vulnerability account environment in win7?
I tested some account cases.
1. a normal user with no password
- Cannot create a job
2. a normal user with password
- can create a job but it requires a password input so I think stuxnet's malcode is not doing well..
(malcode doesn't know user's password)
3. a admin user with password
- can create a job
- it doesn't matter forging crc32
- just make a job xml files with system privilege and create it as a job, have done.
which account is correct case of stuxnet?
thank you