http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=228200330

By Kelly Jackson Higgins
DarkReading
Nov 05, 2010

Conspiracy theories have run rampant ever since the Stuxnet worm was discovered this year, with speculation ranging from an inside job at Siemens to a nation-state-sponsored targeted attack against Iran's nuclear operations. But what still doesn't add up with any of these scenarios is how Stuxnet spread outside the facility's SCADA systems to Windows machines around the world.

Stuxnet has been under the microscope for months as researchers around the world have picked apart and analyzed the malware's makeup and possible intent. No one knows for sure who is behind it or its specific goal, but fingers have been pointed at Israel, the U.S., France, Germany, and England as possible nation-states targeting Iran's nuclear activities.

But the trouble with all of the speculation is that much of it comes out of anti-malware analysis that looks at what the code did and how it affected victim machines, rather than at who was actually responsible for writing it, says Tom Parker, director of security consulting services at Securicon.

"That makes sense, of course, because a lot of business demands answering those questions. But it's not a good idea to use those same tools for attribution," says Parker, who will offer up a different method for malware attribution in a talk at Black Hat Abu Dhabi next week.

Parker has done some analysis of his own on Stuxnet, using a homegrown tool he created to trace the malware writers. His tool doesn't work like antivirus: "It monitors a system and looks for behavior patterns within code. If it sees a certain sequence of behaviors that are associated with certain malicious activity," it compares it with similar behavior, he says. "Certain AV engines work a tiny bit like that," he adds.

[...]
Received on Sun Nov 07 2010 - 22:15:21 PST
This archive was generated by hypermail 2.2.0 : Sun Nov 07 2010 - 22:25:47 PST