Worm Could Raise Nuclear Tensions


Category: Technology
Date: Tuesday, July 20, 2010


New Worm Win32/Stuxnet Attacks in the U.S. & Iran Points to Malware-Aided Industrial Espionage Over Nuclear Argument

 

 

According to the anti-virus and threat protection company ESET, the outbreak of a worm dubbed Win32/Stuxnet, which is infecting SCADA systems across the US and Iran, is tantamount to malware-aided industrial espionage in the midst of persisting tensions between the two nations over Iran's nuclear ambitions.

 

 

The worm has been active for several days, used in targeted attacks to penetrate SCADA systems, especially in the United States and Iran. Exploiting a vulnerability in Windows® Shell, this dangerous threat is detected by ESET as LNK/Autostart.A.

 

 

ESET's analysis suggests the Stuxnet worm poses no greater threat for home users than the average computer threat, with most of the damage limited to industrial targets. The danger lies in the Windows® OS vulnerability connected with the processing of LNK files, and experts expect even more malware families to begin to exploit this security gap in the near future.

"So far, the number of infected PCs is in the tens of thousands, 58% of all infections reported in the United States; 30% in Iran and slightly over 4% in Russia. But, of course, this figure is likely to rise," says Juraj Malcho, Head of the Virus Lab at ESET's global headquarters in Bratislava, Slovakia.

 

 

Malcho continues: "This worm is an exemplary case of targeted attack exploiting a zero-day vulnerability, or, in other words, a vulnerability which is unknown to the public. This particular attack targets the industrial supervisory software SCADA. In short - this is an example of malware-aided industrial espionage. The question is why the chart of affected nations looks as it does."

 

 

An interesting angle is how the worm spreads. Randy Abrams, Director of Technical Education at ESET in the U.S., said: "For a truly targeted attack it would have been coded to make specific checks to see that it only ran where it was supposed to and did not spread. Spreading increases the odds of detection. If the attack was aimed at only US systems, then the attacker would not want the code appearing all over the world. This fact might indicate a number of potential attackers."

 

"The ability to attack power grids throughout the world would be very appealing to terrorist groups," concludes Abrams.

 

 

Also, on July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is interesting to note that both companies whose code signing certificates were used have offices in Hsinchu Science Park, Taiwan.

 

 

The malicious file, named jmidebs.sys, has functions very similar to those originally noted in the system drivers used by Win32/Stuxnet. This driver is responsible for identifying and injecting code into processes running on an infected machine. The injected code seems to be responsible for stealing information. The compilation date for this latest binary is July 14th 2010, much more recent than the files previously seen, which dated from earlier this year.

 

 

Pierre-Marc Bureau, Senior Researcher with ESET, said: "This new information is important because it provides more information on the people behind Win32/Stuxnet. We rarely see such professional operations. They either stole the certificates from at least two companies or purchased them from someone who stole them. At this point, it isn't clear whether the attackers are changing their certificate because the first one was exposed or if they are using different certificates in different attacks, but this shows that they have significant resources."

 

 

 

ESET say that their security solutions effectively detect and clean the Win32/Stuxnet threat.

 

A warning to Windows users around the globe has now been issued and a patch from Microsoft is expected to be issued soon.

 

 
