Slashdot Mirror

← Back to Stories (view on slashdot.org)

There's a Stuxnet Copycat, and We Have No Idea Where It Came From (vice.com)

Posted by msmash on from the digital-weapon-round-two dept.

Joseph Cox, reporting for Motherboard: After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware -- dubbed IRONGATE by cybersecurity company FireEye -- only works in a simulated environment it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration. [...] IRONGATE works within a simulated Siemens environment called PLCSIM, used for testing programs before they are pushed out into the field. Like Stuxnet, IRONGATE replaces a Dynamic Link Library (DLL), a small collection of code that can be used by different programs at the same time, with a malicious one of its own. IRONGATE's DLL records five seconds of traffic from the Siemens' system to the user interface, and replays it over again, potentially tricking whoever is monitoring the system into thinking everything is fine, while the malware might manipulate something else in the background.Dark Reading's coverage on this is also worth a read.

30 comments

  1. "no idea" by Anonymous Coward · · Score: 0

    Please read this thread.

    https://twitter.com/da_667/status/738463931988094976

    1. Re:"no idea" by Anonymous Coward · · Score: 0

      fascinating

  2. Re:GAY NIG.GER GNAA FucktNet for ASS PROBING by Anonymous Coward · · Score: 0

    Wow... is it 2004 Livejournal all over again?

  3. We have no idea where it came from? Yeah right. by U2xhc2hkb3QgU3Vja3M · · Score: 0

    Do you want to get Skynet? Because that's how you get Skynet.

  4. We Have No Idea Where It Came From... by __aaclcg7560 · · Score: 3, Funny

    Stack Overflow?

  5. (((We))) have no idea by Anonymous Coward · · Score: 0

    It came from Israel. Why feign ignorance?

    1. Re:(((We))) have no idea by Anonymous Coward · · Score: 0

      OY VEY SHUT IT DOWN

  6. Too advanced to detect? by Anonymous Coward · · Score: 0

    Ok now that is pretty advanced. How exactly is a anti-virus app supposed to detect and remove that in real time? Daym!

    1. Re:Too advanced to detect? by Anonymous Coward · · Score: 0

      By checking (Am I running?) - if yes, no virus, but if no, then virus.

  7. that's why you buy American! by Anonymous Coward · · Score: 0

    L85E

    Yes, that's a $20,000+ PLC there, boys

  8. Fake VMs for protection... by Anonymous Coward · · Score: 0

    I am pretty sure that there are more advanced/complicated/effective ways to test to see if you are running in a VM but you could always recreate the particular folders and registry keys looked for to appear that your main OS is running within a virtual machine. This would, at a minimum, stop the simpler malware that attempts to block analysis...

  9. IRONGATE replaces a Dynamic Link Library (DLL) by khz6955 · · Score: 1

    Presumably this 'digital weapon' only runs on Microsoft Windows ©

    1. Re:IRONGATE replaces a Dynamic Link Library (DLL) by Anonymous Coward · · Score: 0

      You can of course install wine on your Linux ICS to be compatible with other vendors. Perhaps we should soon add IRONGATE to this list? https://en.wikipedia.org/wiki/List_of_automation_protocols

  10. not worth reading by xeno · · Score: 4, Insightful

    I got to "Stuxnet, arguably the world's first digital weapon" and hit the limit for stupid in the first sentence. No need to read further.
    I could also argue that dirt is water, and it'd be just as ridiculous.

    How about Buckshot Yankee in 2005, using a modified version of agent.btz that combined compromise with persistence, worm, and staging tool?
    How about the automation portion of Titan Rain in 2003, that combined seeking, filtering, persisting, gathering, and moving on?
    Or maybe the 2007 Sinowal/Torpig/Mebroot variants that were pretty much fully autonomous self-updating weapons once launched -- do weapons against commercial entities not count as much as weapons from or toward nation-states?
    Does none of that count? Stuxnet had more self-contained payload tuned for the target environment, but less self-updating/persistence and other capabilities. So what the hell kind of n00b idiocy is "world's first digital weapon"?

    FFS, if you don't know the first thing about history, please don't try to pontificate on the topic.

    --
    I think not...(*poof*)
    1. Re:not worth reading by rtb61 · · Score: 2

      Technically the first digital weapons arose around https://en.wikipedia.org/wiki/.... Breaking a machine generated code by other machines and used in war, hence the first examples of digital warfare. The current effort is just an example of the mass stupidity of the CIA and NSA in releasing weapons that can be readily discovered post use, and easily edited and copied and infinite number of times. Stupid is as stupid does. Those morons keep playing computer wars and the rest of us will end up with the consequences of the ultimate weapon in digital wars, electro magnetic pulses. That is the guaranteed inevitable result of the current stupid escalation.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:not worth reading by jantangring · · Score: 1

      These were super cool references, and you are obviously very knowledgeble.

      ”Weapon” is just a metaphor.

      Stuxnet/Olympic Games caused physical damage, that was a first (counting only well documented cases).

    3. Re:not worth reading by apoc.famine · · Score: 1

      It's also pretty frustrating that neither the submitter nor the editor could find a better article. This is not /. material. An article that's factually wrong and which explains what a DLL is does not belong here.

      --
      Velociraptor = Distiraptor / Timeraptor
    4. Re:not worth reading by cyberchondriac · · Score: 1

      The current effort is just an example of the mass stupidity of the CIA and NSA in releasing weapons that can be readily discovered post use, and easily edited and copied and infinite number of times. Stupid is as stupid does. Those morons keep playing computer wars and the rest of us will end up with the consequences of the ultimate weapon in digital wars, electro magnetic pulses. That is the guaranteed inevitable result of the current stupid escalation.

      Easily edited and copied? Not necessarily easily. And all major nations are engaged in active cyberwarfare and research.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    5. Re:not worth reading by Anonymous Coward · · Score: 0

      Ackchually, the logic bomb that killed a Russian pipeline was the very first documented case.

  11. Israeli university virus writing projects? by Anonymous Coward · · Score: 0

    I think I had read that, decades ago, Israel university student projects included writing a virus. Maybe this is just newer coursework?

  12. Stuxnet, arguably the world's first digital weapon by MillionthMonkey · · Score: 1

    People probably say these things because Stuxnet was the first worm to successfuly destroy a nuclear centrifuge plant.

  13. Re:Courtesy of the Israeli right wing by piojo · · Score: 1

    The US is more of a threat to the rest of the world than the middle east.

    That's only true because we're keeping the Middle East in check. If the war-loving factions in the Middle East were as competent as the US, the world would be fucked. (That's not to say the US isn't also somewhat war-loving. But the huge redeeming quality is that the US appreciates stability on a global scale.)

    --
    A cat can't teach a dog to bark.
  14. Re:Courtesy of the Israeli right wing by johanw · · Score: 1

    The US is an empire in decline. Military spending is becoming so large it will collapse on itself. Many examples in the past have shown this road, starting with the Roman empire up to the USSR, including it's lunatic emperors, party secretary's or presidents.

  15. Stuxnet, 1st digital weapon? by Big+Hairy+Ian · · Score: 1

    Surely Stuxnet mostly just copied the behavior of very early digital viruses (Which copied themselves from computer to computer via floppy disk)

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  16. Re:GAY NIG.GER GNAA FucktNet for ASS PROBING by Killall+-9+Bash · · Score: 1

    Oh, i've missed you so much, GNAA-tan!!!

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  17. Re: Courtesy of the Israeli right wing by Anonymous Coward · · Score: 0

    Lol! We manufacture wars. If it wasn't for all the Republican wars, companies like Haliburton would be bankrupt! These companies need wars to be able to afford those cozy govt contracts.

    #KillaryForPrison

  18. Re:Courtesy of the Israeli right wing by Anonymous Coward · · Score: 0

    The US also flies drones over its own cities:

    http://www.startribune.com/nighttime-flight-circles-low-over-twin-cities-for-hours/305398901/