Slashdot Mirror


There's a Stuxnet Copycat, and We Have No Idea Where It Came From (vice.com)

Joseph Cox, reporting for Motherboard: After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware -- dubbed IRONGATE by cybersecurity company FireEye -- only works in a simulated environment, it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration. [...] IRONGATE works within a simulated Siemens environment called PLCSIM, used for testing programs before they are pushed out into the field. Like Stuxnet, IRONGATE replaces a Dynamic Link Library (DLL), a small collection of code that can be used by different programs at the same time, with a malicious one of its own. IRONGATE's DLL records five seconds of traffic from the Siemens' system to the user interface, and replays it over again, potentially tricking whoever is monitoring the system into thinking everything is fine, while the malware might manipulate something else in the background. Dark Reading's coverage on this is also worth a read.
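The record-and-replay behaviour in the summary leaves a trace a monitoring tool can test for: real sensor readings carry noise, so a value stream that repeats one window exactly, cycle after cycle, is suspect. The sketch below is an added example, not code from the article or from FireEye; the 10 Hz polling rate, the thresholds and the traces are constructed assumptions.

```python
import math
import random
from typing import List, Optional, Sequence

SAMPLE_HZ = 10  # assumed HMI polling rate: 5 s of traffic = 50 samples


def find_replay_period(samples: Sequence[float], max_period: int,
                       min_repeats: int = 3,
                       min_distinct: int = 4) -> Optional[int]:
    """Return the smallest period P (in samples) for which the newest
    min_repeats * P samples are an exact loop of one P-sample window,
    or None. Windows with fewer than min_distinct distinct values are
    skipped so a flat or coarsely quantised signal is not flagged."""
    n = len(samples)
    for period in range(2, max_period + 1):
        span = period * min_repeats
        if span > n:
            break  # not enough history to confirm longer loops
        tail = samples[n - span:]
        window = tail[:period]
        if len(set(window)) < min_distinct:
            continue
        if all(tail[i] == window[i % period] for i in range(span)):
            return period
    return None


def constructed_live(n: int, seed: int = 7) -> List[float]:
    """Constructed sensor trace: slow oscillation plus measurement noise."""
    rng = random.Random(seed)
    return [round(50 + 5 * math.sin(i / 15) + rng.gauss(0, 0.3), 2)
            for i in range(n)]


LIVE = constructed_live(300)
# Constructed tampered view: 100 live samples, then one 5 s window looped.
REPLAYED = LIVE[:100] + LIVE[100:150] * 4

if __name__ == "__main__":
    for name, trace in (("live", LIVE), ("replayed", REPLAYED)):
        period = find_replay_period(trace, max_period=12 * SAMPLE_HZ)
        if period is None:
            print(f"{name}: no exact loop found")
        else:
            print(f"{name}: exact loop every {period / SAMPLE_HZ:.1f} s")
```

The check needs at least `min_repeats` full cycles of history, so a loop is confirmed only after it has played that many times.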

30 comments

  1. "no idea" by Anonymous Coward · · Score: 0

    Please read this thread.

    https://twitter.com/da_667/status/738463931988094976

    1. Re:"no idea" by Anonymous Coward · · Score: 0

      fascinating

  2. GAY NIG.GER GNAA FucktNet for ASS PROBING by Anonymous Coward · · Score: -1

    1. Re:GAY NIG.GER GNAA FucktNet for ASS PROBING by Anonymous Coward · · Score: 0

      Wow... is it 2004 Livejournal all over again?

    2. Re:GAY NIG.GER GNAA FucktNet for ASS PROBING by Killall+-9+Bash · · Score: 1

      Oh, I've missed you so much, GNAA-tan!!!

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016

  3. Courtesy of the Israeli right wing by Anonymous Coward · · Score: -1

    How dare they try to thwart peaceful progress with nuclear energy for our Muslim neighbors in the developing world.

    1. Re:Courtesy of the Israeli right wing by Anonymous Coward · · Score: -1

      The US is more of a threat to the rest of the world than the middle east.

      The US government has made its population so paranoid about terrorists that they no longer see what is happening inside the US. Loss of privacy, secret search warrants, illegal data collection, no national database of when the police shoot and kill someone. US infrastructure is rapidly going and will start failing soon, wages in real terms are lower than the 1970s, a greater proportion of US wealth is concentrated in fewer people than ever before. The health system is the number 3 killer after cancer and heart disease, you are about 100,000 times MORE likely to be killed by your doctor than by a terrorist.

      Meanwhile the US flies drones over foreign countries, kills hundreds of women, children and other innocents wantonly, writes them off as "unavoidable collateral damage" or other cutesy terms and wonders why they are disliked.

      Then there is the buildup of military and stirring up of "military partners" in Asia by the US, and they then wonder why China is increasing its military there.

      You have had/have presidential candidates effectively saying they will nuke the middle east, have become xenophobic.

      As Trump says "trust me", the US has become the biggest threat to peace.

    2. Re:Courtesy of the Israeli right wing by piojo · · Score: 1

      The US is more of a threat to the rest of the world than the middle east.

      That's only true because we're keeping the Middle East in check. If the war-loving factions in the Middle East were as competent as the US, the world would be fucked. (That's not to say the US isn't also somewhat war-loving. But the huge redeeming quality is that the US appreciates stability on a global scale.)

      --
      A cat can't teach a dog to bark.

    3. Re:Courtesy of the Israeli right wing by johanw · · Score: 1

      The US is an empire in decline. Military spending is becoming so large it will collapse on itself. Many examples in the past have shown this road, starting with the Roman empire up to the USSR, including its lunatic emperors, party secretaries or presidents.

    4. Re: Courtesy of the Israeli right wing by Anonymous Coward · · Score: 0

      Lol! We manufacture wars. If it wasn't for all the Republican wars, companies like Halliburton would be bankrupt! These companies need wars to be able to afford those cozy govt contracts.

      #KillaryForPrison

    5. Re:Courtesy of the Israeli right wing by Anonymous Coward · · Score: 0

      The US also flies drones over its own cities:

      http://www.startribune.com/nighttime-flight-circles-low-over-twin-cities-for-hours/305398901/

  4. We have no idea where it came from? Yeah right. by U2xhc2hkb3QgU3Vja3M · · Score: 0
  5. We Have No Idea Where It Came From... by __aaclcg7560 · · Score: 3, Funny

    Stack Overflow?

  6. (((We))) have no idea by Anonymous Coward · · Score: 0

    It came from Israel. Why feign ignorance?

    1. Re:(((We))) have no idea by Anonymous Coward · · Score: 0

      OY VEY SHUT IT DOWN

  7. Too advanced to detect? by Anonymous Coward · · Score: 0

    Ok now that is pretty advanced. How exactly is an anti-virus app supposed to detect and remove that in real time? Daym!

    1. Re:Too advanced to detect? by Anonymous Coward · · Score: 0

      By checking (Am I running?) - if yes, no virus, but if no, then virus.

  8. that's why you buy American! by Anonymous Coward · · Score: 0

    L85E

    Yes, that's a $20,000+ PLC there, boys

  9. Fake VMs for protection... by Anonymous Coward · · Score: 0

    I am pretty sure that there are more advanced/complicated/effective ways to test to see if you are running in a VM but you could always recreate the particular folders and registry keys looked for to appear that your main OS is running within a virtual machine. This would, at a minimum, stop the simpler malware that attempts to block analysis...

  10. IRONGATE replaces a Dynamic Link Library (DLL) by khz6955 · · Score: 1

    Presumably this 'digital weapon' only runs on Microsoft Windows ©

    1. Re:IRONGATE replaces a Dynamic Link Library (DLL) by Anonymous Coward · · Score: 0

      You can of course install wine on your Linux ICS to be compatible with other vendors. Perhaps we should soon add IRONGATE to this list? https://en.wikipedia.org/wiki/List_of_automation_protocols

  11. not worth reading by xeno · · Score: 4, Insightful

    I got to "Stuxnet, arguably the world's first digital weapon" and hit the limit for stupid in the first sentence. No need to read further.
    I could also argue that dirt is water, and it'd be just as ridiculous.

    How about Buckshot Yankee in 2005, using a modified version of agent.btz that combined compromise with persistence, worm, and staging tool?
    How about the automation portion of Titan Rain in 2003, that combined seeking, filtering, persisting, gathering, and moving on?
    Or maybe the 2007 Sinowal/Torpig/Mebroot variants that were pretty much fully autonomous self-updating weapons once launched -- do weapons against commercial entities not count as much as weapons from or toward nation-states?
    Does none of that count? Stuxnet had more self-contained payload tuned for the target environment, but less self-updating/persistence and other capabilities. So what the hell kind of n00b idiocy is "world's first digital weapon"?

    FFS, if you don't know the first thing about history, please don't try to pontificate on the topic.

    --
    I think not...(*poof*)

    1. Re:not worth reading by rtb61 · · Score: 2

      Technically the first digital weapons arose around https://en.wikipedia.org/wiki/.... Breaking a machine generated code by other machines and used in war, hence the first examples of digital warfare. The current effort is just an example of the mass stupidity of the CIA and NSA in releasing weapons that can be readily discovered post use, and easily edited and copied an infinite number of times. Stupid is as stupid does. Those morons keep playing computer wars and the rest of us will end up with the consequences of the ultimate weapon in digital wars, electromagnetic pulses. That is the guaranteed inevitable result of the current stupid escalation.

      --
      Chaos - everything, everywhere, everywhen

    2. Re:not worth reading by jantangring · · Score: 1

      These were super cool references, and you are obviously very knowledgeable.

      "Weapon" is just a metaphor.

      Stuxnet/Olympic Games caused physical damage, that was a first (counting only well documented cases).

    3. Re:not worth reading by apoc.famine · · Score: 1

      It's also pretty frustrating that neither the submitter nor the editor could find a better article. This is not /. material. An article that's factually wrong and which explains what a DLL is does not belong here.

      --
      Velociraptor = Distiraptor / Timeraptor

    4. Re:not worth reading by cyberchondriac · · Score: 1

      The current effort is just an example of the mass stupidity of the CIA and NSA in releasing weapons that can be readily discovered post use, and easily edited and copied an infinite number of times. Stupid is as stupid does. Those morons keep playing computer wars and the rest of us will end up with the consequences of the ultimate weapon in digital wars, electromagnetic pulses. That is the guaranteed inevitable result of the current stupid escalation.

      Easily edited and copied? Not necessarily easily. And all major nations are engaged in active cyberwarfare and research.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.

    5. Re:not worth reading by Anonymous Coward · · Score: 0

      Ackchually, the logic bomb that killed a Russian pipeline was the very first documented case.

  12. Israeli university virus writing projects? by Anonymous Coward · · Score: 0

    I think I had read that, decades ago, Israel university student projects included writing a virus. Maybe this is just newer coursework?

  13. Stuxnet, arguably the world's first digital weapon by MillionthMonkey · · Score: 1

    People probably say these things because Stuxnet was the first worm to successfully destroy a nuclear centrifuge plant.

  14. Stuxnet, 1st digital weapon? by Big+Hairy+Ian · · Score: 1

    Surely Stuxnet mostly just copied the behavior of very early digital viruses (Which copied themselves from computer to computer via floppy disk)

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.