Stuxnet virus

snuffy · By: **snuffy** On: Thu Sep 23, 2010 11:36 pm

Beware of the Stuxnet virus. I just got hit with it and it circumvented my antivirus and spyware programs. Just wasted an hour trying to solve its symptoms which look like your antivirus software captured a trojan but in fact starts the replication process. Tried going back to a Restore point and so far the trojan hasn't shown up yet. This one's not gonna be nice for me anyway.

VigIIPeaBurner · By: **VigIIPeaBurner** On: Fri Sep 24, 2010 5:57 am

There's a link on Drudge today. Article states Stuxnet is serious cyber war weppon targeting powerplants using certain components/software. Speculation is it's targeting only one powerplant. Iran's infamous one none the less.

Yanche · By: **Yanche** On: Fri Sep 24, 2010 11:09 am

A technical summary description is on the Symantec web site. See:

http://www.symantec.com/connect/blogs/s ... da-devices

Unless your computer is connected to a PLC controller it's can't be a problem for you. That said if you get a "root kit" virus you have big problems. There will be a lot of miss informed reporting on this because you really have to understand what it's trying to do first. Something most reporters don't have the knowledge to do.

Here's the first paragraph quote from Symantec:

Begin quote:

As we’ve explained in our recent W32.Stuxnet blog series, Stuxnet infects Windows systems in its search for industrial control systems, often generically (but incorrectly) known as SCADA systems. Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a Windows system. These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. Programmers use software (e.g., on a Windows PC) to create code and then upload their code to the PLCs.

End quote

Cap · By: **Cap** On: Fri Sep 24, 2010 7:33 pm

Yanche wrote:.

Here's the first paragraph quote from Symantec:

Begin quote:

As we’ve explained in our recent W32.Stuxnet blog series, Stuxnet infects Windows systems in its search for industrial control systems, often generically (but incorrectly) known as SCADA systems. Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a Windows system. These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. Programmers use software (e.g., on a Windows PC) to create code and then upload their code to the PLCs.

End quote

Waste water plants are controlled with SCADA systems too. What a mess if that system fails.

Yanche · By: **Yanche** On: Fri Sep 24, 2010 8:25 pm

Let's put the potential problem in perspective. Sure there are a lot of industrial processes controlled by Programmable Logic Controller (PLC). But how many of them are connected to the internet? Once that waste water plan's operation is programmed it's not re-programed, especially not re-programed via an Internet connected computer. Programming of a PLC with an infected Windows computer is certainly possible, but it just identifies poor security procedures by the owner of the Windows computer.

snuffy · By: **snuffy** On: Fri Sep 24, 2010 10:32 pm

Yanche,

Can't tell you why I was hit but finally got it under control. Was using Avast on my primary laptop because McAfee was such a resource hog. Ditched the Avast today and finally got Mcafee up an running. My wife's desk chain was OK but it uses McAfee. Used a restore point from last week and that helped immensly. I have always "practiced safe computing" but in looking back this week I recall a pop-up that looked very muck like a Microsoft windows update but now I suspect it wasn't.

009to090 · By: **009to090** On: Sat Sep 25, 2010 7:51 am

Looks like Iran has problems with it now.....

Iran's nuclear agency trying to stop computer worm.
The semi-official ISNA news agency says Iranian nuclear experts met this week to discuss how to remove the malicious computer code, dubbed Stuxnet, which can take over systems that control the inner workings of industrial plants.

Experts in Germany discovered the worm in July. It has since shown up in attacks in Iran, Indonesia, India and the U.S.

Friday's report said the malware had spread throughout Iran, but did not elaborate. Foreign media reports have speculated the worm was aimed at disrupting Iran's first nuclear power plant, which is to go online in October

http://news.yahoo.com/s/ap/20100925/ap_ ... er_attacks

SMITTY · By: **SMITTY** On: Sat Sep 25, 2010 7:19 pm

Good!!

I had McAfee for years & contracted a nasty root kit that cost me hundreds of dollars for a diagnosis that fixed nothing. :mad:

I ended up replacing the PC with this current one that I now have.

This new one has Avast, & so far so good. So bottom line is it doesn't matter what you have. Sooner or later your number comes up. I choose not to pay for the inevitable.

snuffy · By: **snuffy** On: Tue Sep 28, 2010 11:18 pm

After three days of intense scrubbing the drives with Microsoft downloads and McAfee I think I'm ready to throw in the towel on the Inspirion. I determined that I may have picked up the malware from Siemens wind power internet site that I was on about a week ago. I understand it was hit because of its relationship with Iran. I guess I was one of the unlucky 2% in the US that got hit by it. It works in fits and McAfee shows it has 51 "Issues" that it can't seem to get at. I don't trust the files on the hard drive but fortunately I backed up the laptop about four weeks ago so I shouldn't be in to bad a shape. Just hate to repurchase all the vapor software again and going through the timely install.

Yanche · By: **Yanche** On: Thu Oct 14, 2010 9:56 am

The technical details of the Stuxnet virus are starting to become public. I'm a life member of the IEEE, a professional society for electrical engineers. The IEEE has a pod cast series on technical topics. They just released a 20 minute pod cast on Stuxnet. It's really, really scary as to what mutations of the virus could do. I encourage each of you to listen to it. To fully understand the technical details requires some Windows and computer programing knowledge. You can skip over it and get to near the end were the pod cast describes what the future mutations of the virus can do.

Here's the IEEE's introduction:

Begin quote .......

Stuxnet is no ordinary virus. It will do damage only if it worms its way into a particular industrial control system made by Siemens. These “programmable logic controllers,” as they’re known, are used to control automated processes in some key industrial settings, including chemical plants, oil refineries, pipelines, and perhaps most important, nuclear power plants. Host Steven Cherry talks with security expert Ralph Langner, who has cracked many of the virus’s secrets, about why Stuxnet is just the beginning of many more industry-targeted cyberattacks yet to come.

End quote.

The link to the pod cast:

http://spectrum.ieee.org/podcast/teleco ... ign=101410

dll · By: **dll** On: Fri Oct 22, 2010 5:12 pm

Here is a quote from one of my favorite blogs. Computing At Chaos Manor
http://www.chaosmanorreviews.com/oa/201 ... 19_col.php

Emphasis is mine.

The Largest Non-Nuclear Explosion Seen from Space And Other Stories.

Viruses, worms, and Trojan horse software packages are nothing new, and some have had rather important effects. For example we have stories of the infection of Iran's computers which control their nuclear program being widely infected by Stuxnet, with what long term effects we don't know. Since most Iranian software is pirated and thus not maintained and updated, it's possible the effects will be quite profound, not only on the nuclear program, but on Iranian commerce in general. I expect to find out more about this in the near future.

Another story of deliberate software infection with large effects has been circulating for years. William Safire told it. I knew Safire, but not well: we were both paid speakers at several conferences, one as I recall at Sandia. He had a reputation for reliability - and I have other sources for this story. The USSR was notorious for its industrial espionage. This was in the early 1980's, when software was more mysterious than now, and the Soviets were trying to restrict access to computers, so that their smartest programmers often didn't have frequent access to the machines they programmed. This generated a desperate need for software for industrial processes, including control of natural gas pipelines. The Soviets couldn't buy the software they needed because the US blocked the sales, so they stole it; only the US was waiting for that and poisoned the well. The result was that they lost control of the pipeline and the result was the single largest non-nuclear explosion in history. It was so bright that USAF sources at the time thought this might be an attempt to blind our observation satellites.

Most viruses and Trojans won't have that dramatic an effect...

Yanche · By: **Yanche** On: Wed Aug 03, 2011 9:19 am

It's been over a year since the STUTNEX virus or worm has been discovered. This worm was targeted at Iran's nuclear fuel enrichment facilities. Lot's of analysis has been done by security vendors worldwide. The worms capabilities is now well understood and the implications are frightening. The YouTube video link below describes the worm and the likelihood it will be re-purposed for another use.

http://www.youtube.com/user/TEDtalksDir ... S01Hmjv1pQ

I suggest all to watch the video, even if you are not technically inclined. Just gloss over the tech stuff and try to understand the implications for any industrial control system, e.g. power plant, public water system, oil refinery, etc.

For those that might want more technical details send me a PM and I'll send you additional links.

SMITTY · By: **SMITTY** On: Thu Aug 04, 2011 11:09 am

That is fascinating. I wish I knew more about how these computers work. Sounds like a great weapon to keep Iran from going nuclear .... as long as it's not used against us.

Geesh now this has my conspiracy-theory side working in overdrive ....... this explains all these automotive problems that never happened before OBD-II. Also explains why, in 2011, PC's still constantly screw up & drive us insane. All they have to do is engineer that into the unit, thereby making future sales a certainty. Makes you wonder ... :gee:

Stuxnet virus

Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus

Re: Stuxnet virus