Stuxnet 0.5: The Missing Link

In July 2010, Stuxnet, one of the most sophisticated pieces of malware ever written, was discovered in the wild. This complex malware took many months to analyze and the eventual payload significantly raised the bar in terms of cyber threat capability. Stuxnet proved that malicious programs executing in the cyber world could successfully impact critical national infrastructure. The earliest known variant of Stuxnet was version 1.001 created in 2009. That is, until now.

Symantec Security Response has recently analyzed a sample of Stuxnet that predates version 1.001. Analysis of this code reveals the latest discovery to be version 0.5 and that it was in operation between 2007 and 2009 with indications that it, or even earlier variants of it, were in operation as early as 2005.

Key discoveries found while analyzing Stuxnet 0.5:

- Oldest variant of Stuxnet ever found
- Built using the Flamer platform
- Spreads by infecting Step 7 projects including on USB keys
- Stops spreading on July 4, 2009
- Does not contain any Microsoft exploits
- Has a full working payload against Siemens 417 PLCs that was incomplete in Stuxnet 1.x versions

As with version 1.x, Stuxnet 0.5 is a complicated and sophisticated piece of malware requiring a similar level of skill and effort to produce.

Read Symantec's report here:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf

Wednesday, 27 February 2013