Stuxnet

This PPT was made to present in our college.

Published in: Technology, Business


  1. Your computer is not handled by you. You have lost your data. You do not know what your computer does.
  2. Presentation by: Atif Hasnain Zaidi
  3. • Basically, Stuxnet is a computer worm.
     • It was discovered in June 2010.
     • It is believed that Stuxnet was created by the United States and Israel to attack Iran's nuclear facilities.
     • Roel Schouwenberg spends his days (and many nights) creating Stuxnet.
  4. • A 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.
     • A computer virus relies on an unwitting victim to install it; a worm spreads on its own, often over a computer network.
     • This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases.
  5. • 2009 June: Earliest Stuxnet seen
       ◦ Does not use MS10-046
       ◦ Does not have signed drivers
     • 2010 Jan: Stuxnet driver signed
       ◦ With a valid certificate belonging to Realtek Semiconductors
     • 2010 June: VirusBlokAda reports W32.Stuxnet
       ◦ Stuxnet uses MS10-046
       ◦ Verisign revokes Realtek certificate
     • 2010 July: ESET identifies new Stuxnet driver
       ◦ With a valid certificate belonging to JMicron Technology Corp
     • 2010 July: Siemens reports they are investigating malware on SCADA systems
       ◦ Verisign revokes JMicron certificate
  6. • 2010 Aug: Microsoft issues MS10-046
       ◦ Patches Windows shell shortcut vulnerability
     • 2010 Sept: Microsoft issues MS10-061
       ◦ Patches Printer Spooler vulnerability
     • 2010 Sept: Iran nuclear plant hit by delay
       ◦ Warm weather blamed
       ◦ Measured temperatures were at historical averages
     • 2010 Oct: Iran arrests "spies"
       ◦ Spies who attempted to sabotage the country's nuclear programme
       ◦ Russian nuclear experts flee Iran
  7. • Organization
       ◦ Stuxnet consists of a large .dll file
       ◦ 32 Exports (Function goals)
       ◦ 15 Resources (Function methods)
     • Stuxnet calls LoadLibrary
       ◦ With a specially crafted file name that does not exist
       ◦ Which causes LoadLibrary to fail.
     • However, W32.Stuxnet has hooked Ntdll.dll
       ◦ To monitor for requests to load specially crafted file names.
       ◦ These specially crafted file names are mapped to another location instead
       ◦ A location specified by W32.Stuxnet.
       ◦ Where a .dll file has previously been decrypted and stored by Stuxnet.
  8. • Stuxnet collects and stores the following information:
       ◦ Major OS version and minor OS version
       ◦ Flags used by Stuxnet
       ◦ Flag specifying if the computer is part of a workgroup or domain
       ◦ Time of infection
       ◦ IP address of the compromised computer
       ◦ File name of infected project file
     • Win 2K, WinXP, Windows 200, Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2
  9. • Iran
       ◦ Iran blames Stuxnet worm on Western plot (Ministry of Foreign Affairs)
       ◦ "Western states are trying to stop Iran's (nuclear) activities by embarking on psychological warfare and aggrandizing, but Iran would by no means give up its rights by such measures,"
       ◦ "Nothing would cause a delay in Iran's nuclear activities"
       ◦ "enemy spy services" were responsible for Stuxnet (Minister of Intelligence)
  10. • Israel (DEBKA file)
        ◦ An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm
        ◦ Not only have their own attempts to defeat the invading worm failed, but they made matters worse:
          • The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
        ◦ One expert said: "The Iranians have been forced to realize that they would be better off not irritating the invader because it hits back with a bigger punch."
        ◦ These statements were copied verbatim by mayor
  11. • India 8.31%
      • Azerbaijan 2.57%
      • United States 1.56%
      • Pakistan 1.28%
      • Others 9.2%
      • Iran 60%
      • Indonesia 18.22%
  12. • Stuxnet represents the first of many milestones in malicious code history
        ◦ It is the first to exploit multiple 0-day vulnerabilities,
        ◦ Compromise two digital certificates,
        ◦ And inject code into industrial control systems
        ◦ And hide the code from the operator.
      • Stuxnet is of such great complexity
        ◦ Requiring significant resources to develop
        ◦ That few attackers will be capable of producing a similar threat
      • Stuxnet has highlighted that direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.
