Slashdot Mirror


Stuxnet Worms On

Numerous Stuxnet-related stories continue to flow through my bin today, so brace yourself: Unsurprisingly, Iran blames Stuxnet on a plot set up by the West, designed to infect its nuclear facilities. A Symantec researcher analyzed the code and put forth attack scenarios. A Threatpost researcher writes about the sophistication of the worm. Finally, Dutch multinationals have revealed that the worm is also attacking them. We may never know what this thing was really all about.

3 of 141 comments

  1. Re:Never thought I would defend Iran, but... by LWATCDR · · Score: 3, Informative

    I wouldn't even say most likely the US or Israel. I don't think there are many nations that want a nuclear Iran.
    The list should include:
    China
    Russia
    India
    All of the EU
    Egypt
    Most of the Middle East.
    I mean, really, this list is long, and while this worm is probably outside the limits for some guy with a grudge, it isn't outside the limits for any nation with a large university with a good CS department.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  2. Re:More details needed in story summary by MozeeToby · · Score: 3, Informative

    Speculation/rumor is that the attack vector was USB drives used by Russian contractors. That is also its primary method of spread, but it may be able to spread over networks as well (reports that I've seen seem contradictory on that one). Further speculation/rumor has it that a possible "nuclear accident" at Iran's centrifuge facility last year may have been caused by this worm; if that is the case, it is the only report of actual hardware being damaged that I've heard of and would 100% support the idea that the worm was targeted at Iran's nuclear facilities. Given the number of infections in Iran and the artificial three-hop limit that the worm's writers gave it, it would seem the attack originated there.

    I think it's likely that the writers never planned on having the worm escape the target's network; I'm guessing someone at the nuke facility broke security protocol and took home a thumb drive that they weren't supposed to, and it spread from there. The worm doesn't do much except take up cycles on systems that don't match the fingerprint that it is looking for; a fingerprint only makes sense if you're looking to take down a lot of identical systems, which lines up nicely with the centrifuge theory. Basically, it's highly likely that this was a government job, targeting Iran's centrifuges, done with inside knowledge of what systems they were using, and delivered using some pretty basic social engineering (leaving infected USB drives on the ground in the parking lot, for instance).

  3. Re: The US by John Hasler · · Score: 3, Informative

    Bullshit. The intelligence agencies never do anything without implicit authorization from the White House. They just sometimes find plausible deniability convenient. Occasionally they find it necessary to drive out a scapegoat.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.