ESET Threat Blog

For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of … Read More…

[Extra link and commentary added 26th September 2011; extra link added 27th September]
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes. Some of them are even interesting, if not always for the right reasons…
I'll be back to this, though probably not today. Watch this space.

After Stuxnet, waiting on Pandora’s … Read More…

I just came across a post from The H telling us that US government warns of potential Stuxnet variants. Of course, concern about the availability and possible portability of the code is hardly a new concern, but it turns out the article refers to a "Statement for the Record" to the (deep breath) United States House … Read More…

I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4.
A recent report in Wired gives … Read More…

In fact, the main point of the article I just sent up to SC Magazine's Cybercrime Corner, "Stuxnet: Paradigms Lost and Paradise Regained" is that the 'next Stuxnet' probably won't be any such thing, whatever we may choose to call it.
Stuxnet was certainly a warning, but the message is a bit less dramatic than a … Read More…

Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal,
“The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next … Read More…

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today:
A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)
Eugene Kaspersky … Read More…

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database.
One aspect that's attracted attention on specialist lists is the mention of a large US power company that … Read More…

Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945.

Myriam Dunn Cavelty at Parliamentary Brief Online (29 October 2010): The real cyberwar is about beating the crooks and the spooks
Myriam Dunn Cavelty and Oliver Rolofs for Munich Security Conference: MSC Booklet Paper: From Cyberwar to Cybersecurity: Proportionality of Fear and Countermeasures

Hat tip to @vmyths, … Read More…

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011:
Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher.
As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!)
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
jQuery(document).ready(function($) { window.setTimeout(‘loadLinkedin_6259()’,1000);window.setTimeout(‘loadFBLike_6259()’,1000);window.setTimeout(‘loadGoogle1_6259()’,1000);window.setTimeout(‘loadGBuzz_6259()’,1000);window.setTimeout(‘loadTwitter_6259()’,1000); }); function loadLinkedin_6259(){ jQuery(document).ready(function($) { … Read More…