ESET Threat Blog
David Harley

The Stuxnet Train Rolls On…

by David Harley Senior Research Fellow
March 30, 2011 at 8:26 am

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today:

A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)

Eugene Kaspersky suggests that it's easy for blackhats to repurpose Stuxnet's code to attack other systems, and brings in some tenuously related earlier problems (power failures on the US East Coast in 2003, the Spanish air-crash in 2008). I'm not convinced… The payload is not so easy to analyse, let alone to port to a different environment, while the 0-days are no longer 0-days or anything like it. http://computerworld.co.nz/news.nsf/news/cut-price-stuxnet-successors-possible-kaspersky (Hat tip to Steve Gold for the pointer.)

Ralph Langner's TED talk on "Cracking Stuxnet" is online: http://on.ted.com/Stuxnet

The (ISC)2 Government Advisory Board Executive Writers Bureau writes, not altogether accurately on some of the technical points, on "How Stuxnet changed the security game". Interesting read, though.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow
