NY Times reports US and Israel behind Stuxnet


I sure hope the US is a partner in whatever is mucking up the Iranians' playpen. I also hope that we have "people" doing things as nasty to all sorts of other groups here on terra firma. My motto is, "Do unto others before the bastards do unto you."

 

Golly, I hope that's politically correct; is it, should I change it, will our allies think less of us, can we make it up to those less fortunate...you know, the ones with the C4 strapped to their chests....? Should we send Joe Biden and Hill'ry to make nice with the dark forces of the earth?

 

&%#$ 'em all, but save six for pall bearers.

Link to comment
Share on other sites

How do you put a worm in a stand alone controller? Is this thing on the internet?

Wow, I'm glad you asked that question because the answer is pretty cool. So I did some reading:

 

Early Stuxnet Variants Used 'Cunning' Hack of AutoRun to Spread

 

 

It seems that early on, it used a vulnerability in Windows' AutoRun routine. The autorun.ini file would exist at the root of a removable USB drive, CD or some other media. When inserted into a Windows system, provided the AutoRun settings were favorable for the worm, it would execute code hidden in the very same autorun.ini file. It would also add an additional 'Open' command to the main Windows context menu (right-click an empty area on your desktop). When invoked, Windows would launch Stuxnet in the background while otherwise behaving normally. Microsoft has since patched this exploit.

 

The Stuxnet authors did not discover a vulnerability in AutoRun, O Murchu wrote. Instead, they discovered a flaw in the way the function processes instructions from autorun.inf files. That flaw allowed the Stuxnet authors to craft an autorun.inf file that contained both legitimate AutoRun commands and the malicious executable. The finished file could be interpreted as either an executable file or as a correctly formatted autorun.inf file, O Murchu wrote. Thus the autorun.inf file would allow the USB drive to load on the Windows system, and launch the Stuxnet payload on the system, he said. If that failed, the authors also planted a bogus "Open" command on the context (or right-click) menu for the USB drive. Users who activated the context menu and clicked on the bogus Open command would launch the Stuxnet malware invisibly in the background, O Murchu wrote.

 

 

Details of the early AutoRun exploit:

Stuxnet Before the .lnk File Vulnerability

 

 

In March of 2010, it seems, an upgraded version of Stuxnet began exploiting a Windows vulnerability having to do with the Print Spooler service. This exploit was first published in a Polish Hacking magazine and was in the public domain for at least a year before Microsoft did anything about it. This exploit has (finally) been patched as well.

 

O Murchu was one of a handful of security researchers who discovered the Print Spooler Service hole as part of a forensic analysis of Stuxnet. The vulnerability, which was believed at the time to be previously undisclosed, affects most versions of Windows and could allow remote code to be run on vulnerable systems. Microsoft issued a security update, MS10-061, closing the hole and commending researchers at Kaspersky Lab and Symantec for relaying information about the vulnerability.

 

However, it now appears that information about the flaw was in the public domain for more than a year before Stuxnet first appeared, buried in the pages of Hakin9, a respected bimonthly magazine published out of Warsaw, Poland. An article by security researcher Carsten Köhler describes how shared network printer functionality on Windows can be used to elevate the local user's privileges or to gain command line access to network print servers. The article details both privilege escalation attacks and attack code for carrying out remote code execution on a vulnerable Windows system.

 

 

Microsoft Missed 2009 Published Article on Stuxnet-Type Attack

 

Link to comment
Share on other sites
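A defender's triage of a removable drive's autorun.inf, based on the description quoted in the post above, as an added example that is not part of the original posts or the quoted articles: it flags a file that carries executable-like content alongside AutoRun commands and lists the launch commands for review. The function name, the thresholds and the sample bytes are assumptions constructed for illustration.

```python
import re

# Keys that make Windows run (or offer to run) a program from the drive.
EXEC_KEY = re.compile(
    rb"^[ \t]*(open|shellexecute|shell\\[^=\r\n]*\\command)[ \t]*=[ \t]*(.+?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)
MAX_SANE_SIZE = 4096     # assumption: a genuine autorun.inf is a few hundred bytes
MAX_BINARY_RATIO = 0.05  # assumption: ANSI text file, so almost no control bytes
TEXT_BYTES = frozenset(b"\t\n\r") | frozenset(range(0x20, 0x7F))


def triage_autorun(data: bytes) -> dict:
    """Flag an autorun.inf that looks like more than a plain INI text file."""
    findings = []
    if data[:2] == b"MZ":
        findings.append("starts with MZ, the DOS/PE executable signature")
    if len(data) > MAX_SANE_SIZE:
        findings.append(f"{len(data)} bytes, larger than {MAX_SANE_SIZE}")
    binary = sum(1 for b in data if b not in TEXT_BYTES)
    if binary / (len(data) or 1) > MAX_BINARY_RATIO:
        findings.append(f"{binary} non-text bytes in a file that should be text")
    # Launch commands are normal in a legitimate file; list them for review.
    commands = [
        (m.group(1).decode("latin-1").lower(), m.group(2).decode("latin-1"))
        for m in EXEC_KEY.finditer(data)
    ]
    return {"suspicious": bool(findings), "findings": findings, "commands": commands}


# Constructed samples (not taken from any real drive or from Stuxnet).
BENIGN = b"[autorun]\r\nopen=setup.exe\r\nicon=setup.ico\r\nlabel=Installer\r\n"
DUAL_FORMAT = (
    b"MZ" + bytes(range(256)) * 40  # stand-in for executable content
    + b"\r\n[autorun]\r\nshell\\open\\command=placeholder.exe\r\nshell\\open=Open\r\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("dual-format", DUAL_FORMAT)):
        print(name, triage_autorun(sample))
```
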

Imagine if someone developed something like this to screw with the international financial system? :ph34r:

 

As soon as I saw you replied to this thread I said to myself "I know I can count on Dave to contribute something completely idiotic to this thread."

 

Thanks for not disappointing.

Link to comment
Share on other sites

Well, we all suspected, but this is sorta confirmation. Bad news: Iran will use this in negotiations. Good news: I win a bet with a friend.

No. WE all suspected. You read what I wrote, and now you "agree".

 

Who the f makes a bet with their friend about an obscure issue like this, that happened so long ago? And what idiot would bet against it? Who would think it would be anybody else? Why? Who even bets on this in general? Why? Wouldn't somebody have to have a rational alternative to us/Israel to make a bet like this? What is that alternative, booster, you moron?

 

Why tell us about a bet that almost certainly doesn't exist?....oh, that's right, so that you can pretend that you figured this out on your own, and then were so "smart", you bet somebody that you were right.

 

Yeah, this is all very feasible. :blink::lol:

 

Ahh, booster...it must suck not to be able to analyze things before you post them. Or, it must suck that the only people you can hang out with have to be as simple as you.

Link to comment
Share on other sites

No. WE all suspected. You read what I wrote, and now you "agree".

 

Who the f makes a bet with their friend about an obscure issue like this, that happened so long ago? And what idiot would bet against it? Who would think it would be anybody else? Why? Who even bets on this in general? Why? Wouldn't somebody have to have a rational alternative to us/Israel to make a bet like this? What is that alternative, booster, you moron?

 

Why tell us about a bet that almost certainly doesn't exist?....oh, that's right, so that you can pretend that you figured this out on your own, and then were so "smart", you bet somebody that you were right.

 

Yeah, this is all very feasible. :blink::lol:

 

Ahh, booster...it must suck not to be able to analyze things before you post them. Or, it must suck that the only people you can hang out with have to be as simple as you.

 

:lol:
