Mark Minasi's Reader Forum

 Yet another revisit of the Stuxnet

JSCLMEDAVE
Administrator

USA
6139 Posts
Status: offline

Posted - 06/06/2012 :  11:08:48 AM
Yet another revisit of the Stuxnet story:
http://m.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

Speaking of Stuxnet, in case you missed it I posted a 3-part series analyzing Stuxnet with Sysinternals tools
http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx

Mark Russinovich

Tim-

"This too shall pass"

joe_elway
Honorable But Hopeless Addict

Ireland
7406 Posts
Status: offline

Posted - 06/06/2012 :  2:11:34 PM
Listened to last week's Security Now on TWiT. Flame is SCARY.

Aidan Finn
MCSE, MVP (Virtual Machine)

IT Blog: http://www.aidanfinn.com
My Photography: http://www.aidanfinnphoto.com/
Books: WS2012 Hyper-V Installation & Config Guide, MSFT Private Cloud Computing
Twitter: http://twitter.com/joe_elway

aval
Honorable But Hopeless Addict

USA
3288 Posts
Status: offline

Posted - 06/06/2012 :  4:37:42 PM
Yes, apparently can infect a fully patched Windows 7 machine.

Has it been determined by what means?

(What vulnerability allows it to do this?)

I know USB key is one vector.

Interesting that UAC would not prevent this (???).

It also demonstrates the uselessness of antivirus against anything other than known malware. Heuristics didn't seem very useful.

I do understand that quite a team must have been gathered to write this and I recall reading somewhere (correct or not) that it was tested against various antivirus software to make sure it would not be detected.

Kaspersky should be getting some good publicity as it looks like they first discovered it.

jaxdave
Honorable But Hopeless Addict

USA
2430 Posts
Status: offline

Posted - 06/06/2012 :  5:26:06 PM
http://www.informationweek.com/aroundtheweb/security/confirmed-us-and-israel-created-stuxnet/6d316567303750425369554d78775330625477534c513d3d?itc=SBX_iwk_fture_sociative_Security_security

Like we needed more cyber attacks, right? I love the piece about how they are still trying to crack the last two pieces of encryption in the other link Tim provided. Yeah, I bet they are.

JSCLMEDAVE
Administrator

USA
6139 Posts
Status: offline

Posted - 06/06/2012 :  5:59:15 PM
Microsoft blog post explaining how malware authors were able to sign Flame as if it was from Microsoft and our fixes:
http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx

Mark Russinovich

Tim-

"This too shall pass"
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi