Stuxnet
This PPT was made for presentation in our college.

Stuxnet Presentation Transcript

  • Your computer is not handled by you. You have lost your data. You do not know what your computer does.
  • Presentation by: Atif Hasnain Zaidi
  • Basically, Stuxnet is a computer worm.
  • It was discovered in June 2010.
  • It is believed that Stuxnet was created by the United States and Israel to attack Iran's nuclear facilities.
  • Roel Schouwenberg spends his days (and many nights) creating Stuxnet.
  • A 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.
  • A computer virus relies on an unwitting victim to install it; a worm spreads on its own, often over a computer network.
  • This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases.
  • 2009 June: Earliest Stuxnet seen
      ◦ Does not use MS10-046
      ◦ Does not have signed drivers
  • 2010 Jan: Stuxnet driver signed
      ◦ With a valid certificate belonging to Realtek Semiconductors
  • 2010 June: VirusBlokAda reports W32.Stuxnet
      ◦ Stuxnet uses MS10-046
      ◦ Verisign revokes Realtek certificate
  • 2010 July: ESET identifies new Stuxnet driver
      ◦ With a valid certificate belonging to JMicron Technology Corp
  • 2010 July: Siemens report they are investigating malware in SCADA systems
      ◦ Verisign revokes JMicron certificate
  • 2010 Aug: Microsoft issues MS10-046
      ◦ Patches Windows shell shortcut vulnerability
  • 2010 Sept: Microsoft issues MS10-061
      ◦ Patches Printer Spooler vulnerability
  • 2010 Sept: Iran nuclear plant hit by delay
      ◦ Warm weather blamed
      ◦ Measured temperatures were at historical averages
  • 2010 Oct: Iran arrests "spies"
      ◦ Spies who attempted to sabotage the country's nuclear programme
      ◦ Russian nuclear experts flee Iran
  • Organization
      ◦ Stuxnet consists of a large .dll file
      ◦ 32 exports (function goals)
      ◦ 15 resources (function methods)
  • Stuxnet calls LoadLibrary
      ◦ With a specially crafted file name that does not exist
      ◦ Which causes LoadLibrary to fail.
  • However, W32.Stuxnet has hooked Ntdll.dll
      ◦ To monitor for requests to load specially crafted file names.
      ◦ These specially crafted file names are mapped to another location instead
      ◦ A location specified by W32.Stuxnet.
      ◦ Where a .dll file has been decrypted and stored by Stuxnet previously.
  • Stuxnet collects and stores the following information:
      ◦ Major OS version and minor OS version
      ◦ Flags used by Stuxnet
      ◦ Flag specifying if the computer is part of a workgroup or domain
      ◦ Time of infection
      ◦ IP address of the compromised computer
      ◦ File name of infected project file
  • Win 2K, WinXP, Windows 200, Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2
  • Iran
      ◦ Iran blames Stuxnet worm on Western plot (Ministry of Foreign Affairs)
      ◦ "Western states are trying to stop Iran's (nuclear) activities by embarking on psychological warfare and aggrandizing, but Iran would by no means give up its rights by such measures,"
      ◦ "Nothing would cause a delay in Iran's nuclear activities"
      ◦ "enemy spy services" were responsible for Stuxnet (Minister of Intelligence)
  • Israel (DEBKAfile)
      ◦ An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm
      ◦ Not only have their own attempts to defeat the invading worm failed, but they made matters worse: the malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
      ◦ One expert said: "The Iranians have been forced to realize that they would be better off not irritating the invader because it hits back with a bigger punch."
      ◦ These statements were copied verbatim by mayor
  • India: 8.31%
  • Azerbaijan: 2.57%
  • United States: 1.56%
  • Pakistan: 1.28%
  • Others: 9.2%
  • Iran: 60%
  • Indonesia: 18.22%
  • Stuxnet represents the first of many milestones in malicious code history
      ◦ It is the first to exploit multiple 0-day vulnerabilities,
      ◦ Compromise two digital certificates,
      ◦ And inject code into industrial control systems
      ◦ And hide the code from the operator.
  • Stuxnet is of such great complexity
      ◦ Requiring significant resources to develop
      ◦ That few attackers will be capable of producing a similar threat
  • Stuxnet has highlighted that direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.
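
The Organization slide describes two artifacts a defender can look for: a module loaded under a file name that does not exist on disk, and a hooked Ntdll.dll. The following is an added example, not part of the original presentation, that triages a process snapshot for both. The `Snapshot` layout, paths, export names and byte values are constructed sample data, and the snapshot is assumed to come from a memory-forensics or EDR export.

```python
from dataclasses import dataclass
from ntpath import normcase  # Windows path rules; importable on any OS

@dataclass
class Snapshot:
    """One process, as a memory-forensics or EDR tool might export it (assumed layout)."""
    pid: int
    modules: list          # paths in the loader's module list
    mem_prologues: dict    # ntdll export -> first bytes read from process memory
    disk_prologues: dict   # same export  -> first bytes from ntdll.dll on disk

def phantom_modules(snap, files_on_disk):
    """Loaded modules whose name has no file behind it on disk."""
    present = {normcase(p) for p in files_on_disk}   # Windows paths ignore case
    return sorted(p for p in snap.modules if normcase(p) not in present)

def patched_exports(snap):
    """ntdll exports whose in-memory bytes no longer match the disk image."""
    findings = []
    for name, disk in sorted(snap.disk_prologues.items()):
        mem = snap.mem_prologues.get(name)
        if mem is None:
            findings.append((name, "unreadable"))    # could not compare: report it
        elif mem[:len(disk)] != disk:
            # 0xE9 is x86 JMP rel32, a common first byte of an inline detour
            kind = "jmp-rel32" if mem[:1] == b"\xe9" else "modified"
            findings.append((name, kind))
    return findings

# Constructed sample data (not taken from a real infection).
STUB = bytes.fromhex("b874000000ba0003fe7f")         # mov eax,imm32; mov edx,imm32
SNAP = Snapshot(
    pid=1234,
    modules=[r"C:\WINDOWS\system32\ntdll.dll",
             r"C:\WINDOWS\system32\kernel32.dll",
             r"C:\WINDOWS\system32\sample_nonexistent_name.dll"],
    mem_prologues={"ZwClose": STUB,
                   "ZwOpenFile": bytes.fromhex("e91032540000") + STUB[6:]},
    disk_prologues={"ZwClose": STUB, "ZwOpenFile": STUB},
)
DISK = [r"c:\windows\system32\NTDLL.DLL", r"C:\WINDOWS\system32\kernel32.dll"]

if __name__ == "__main__":
    print("no backing file:", phantom_modules(SNAP, DISK))
    print("patched ntdll exports:", patched_exports(SNAP))
```

On real images, bytes covered by relocations must be excluded before comparing, and security products that install their own hooks will also appear in the second list.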