09/29/10(Wed)10:58:20 No.275741XXX"Re: stuxnet origin
Well,
fact is that Stuxnet is very complex and developed by highly-skilled
professionals, probably the most sophisticated malware we have seen so
far. We estimate around 10 people working on it for at least 6 months,
well coordinated. Stuxnet is using 4 - at this time unknown -
vulnerabilities, which are usually not just found by accident, so I
would assume they bought them on the black market. The code is not
designed to steal money or intellectual property, or to send spam, but
to sabotage industrial control components and software from Siemens, so
very specific in its purpose. The development team has very good
knowledge of these Siemens components. They were also using 2 stolen
certificates to ensure that Stuxnet will be installed as a trusted
application, including a procedure to reinfect PCs even after
disinfection by poisoned Step7 files (used to configure Siemens
software).
However, the origin is completely speculative and I
assume we will never find it out, nor will any country secret service
admit their contribution or responsibility for it.
I personally
think that we should be much more aware of future exploits of it.
Stuxnet will be analysed by "common" cybercriminals, and sooner or later
they will learn from it to create other, highly targeted threats, with a
new quality, difficult to detect."