[ISN] Lame Stuxnet worm 'full of errors', says security consultant

From: InfoSec News <alerts_at_private>
Date: Thu, 20 Jan 2011 05:11:26 -0600 (CST)
http://www.theregister.co.uk/2011/01/19/stuxnet_male_decry_security_researchers/

By John Leyden
The Register
19th January 2011

Far from being cyber-spy geniuses with ninja-like black-hat coding 
skills, the developers of Stuxnet made a number of mistakes that exposed 
their malware to earlier detection and meant the worm spread more widely 
than intended.

Stuxnet, the infamous worm that infected SCADA-based computer control 
systems, is sometimes described as the world's first cyber-security 
weapon. It managed to infect facilities tied to Iran's controversial 
nuclear programme before re-programming control systems to spin up 
high-speed centrifuges and slow them down, causing more failures than 
normal. The malware used rootkit-style functionality to hide its 
presence on infected systems. In addition, Stuxnet made use of four 
zero-day Windows exploits as well as stolen digital certificates.

All this failed to impress security consultant Tom Parker, who told the 
Black Hat DC conference on Tuesday that the developers of Stuxnet had 
made several mistakes. For one thing, the command-and-control mechanisms 
used by the worm were inelegant, not least because they sent commands in 
the clear. The worm spread widely across the net, something Parker 
argued was ill-suited for the presumed purpose of the worm as a 
mechanism for targeted computer sabotage. Lastly, the code-obfuscation 
techniques were lame.

Parker doesn't dispute that the worm is as sophisticated as most 
previous analysis would suggest, or that it took considerable skills and 
testing to develop. "Whoever did this needed to know WinCC programming, 
Step 7, they needed platform process knowledge, the ability to reverse 
engineer a number of file formats, kernel rootkit development and 
exploit development," Parker said, Threatpost reports. "That's a broad 
set of skills."

[...]
