Stuxnet examined at Vancouver conference

The Stuxnet SCADA virus is a sophisticated attack mounted directly against control systems in Iran, according to researchers from Symantec. The company presented its findings at the Vancouver, BC-based Virus Bulletin conference late last month.

Originally discovered in July, Stuxnet had been operating for at least a year before that, according to Liam O Murchu, supervisor of security response operations for North America at Symantec. The virus included the world's first-ever rootkit designed for programmable logic controllers (PLCs). In this case, it was written specifically for a Siemens PLC. The malware would have been written by 5-10 core developers over six months and tested on systems mirroring the process control hardware, he said.

So sophisticated was the attack that the perpetrators would have needed to steal digital certificates used to sign driver files used in target systems.

“The amount of components and code used is very large,” said Murchu's analysis of the threat. “In addition to this, the authors' ability to adapt the threat to use an unpatched vulnerability to spread through removable drives shows that the creators of this threat have huge resources available to them and have the time needed to spend on such a big task. This is not a teenage hacker coding in his bedroom-type operation.”

Iran, which has an ongoing nuclear programme, and which has threatened the destruction of Israel, has speculated that the worm is a western plot against its nuclear plants. Foreign Ministry spokesman Ramin Mehmanparast said that Stuxnet was a Zionist attempt to cripple its nuclear activities.

The activation of Bushehr nuclear power plant in Iran was delayed for ‘technical reasons’, said Mehmanparast, responding to press reports that the plant had been infected with Stuxnet.

Fifty-eight percent of the infected Stuxnet hosts were in Iran, said Murchu. That figure rose to 67 percent of systems specifically running Siemens' Step 7 industrial control software.

Controversy over the worm deepened after the discovery that one of its files was named ‘Myrtus’. That could refer to the Hebrew Book of Esther, which tells the story of a pre-emptive Persian plot against the Jews.
