STUXNET ….DUQU….FLAME…..?
                   Santosh Khadsare
“Now we’re living in the era of cyber
weapons. The world is different. Not just
cyber hooligans, vandals. Not just criminals.
But governments are in the game and I’m
afraid for the worst, I’m still expecting, cyber
terrorism.”
               Eugene Kaspersky, CEO of Kaspersky Lab
Stuxnet….Duqu….Flame
•     Stuxnet is a computer worm discovered in June
    2010. Stuxnet initially spreads via Microsoft
    Windows, and targets Siemens industrial software
    and equipment. While it is not the first time that
    hackers have targeted industrial systems, it is the
    first discovered malware that spies on and
    subverts industrial systems, and the first to include
    a programmable logic controller (PLC) rootkit.

• Duqu is a computer worm discovered on 1
  September 2011, thought to be related to the
  Stuxnet worm. The main component used in Duqu
  is designed to capture information such as
Stuxnet….Duqu….Flame
• Flame, like Duqu, is designed to steal
  different databases. A completely new
  thing that Flame can be used for is audio
  spying. Flame detects and recognizes a
  microphone on the infected computer,
  turns the microphone on and then records
  every conversation taking place in this
  room. Recorded data is immediately
  transferred to the server from which the
  virus began to spread.
Stuxnet

• Spread on Microsoft Windows
• Developed June 2009
• Spreading began late 2009/early 2010
• Discovered in July 2010
  o Microsoft out-of-band patch released
    August 2010 - .lnk exploit
  o More patches with the September 'Patch
    Tuesday' - print spooler exploit
• Around half a megabyte
• C, C++, and other object-oriented languages
What the news says it was

• Iranian centrifuge destroyer!
   o Its one goal was to destroy the Iranian
     nuclear program
• Developed by the United States and Israel
• Contributed to the Gulf oil leak
• 'Mission: Impossible'-like virus
• It will kill your unborn children
   o Assuming they are born in a hospital using
     PLC machines
How it did it
• USB drive for initial infection, then spread on network
• .lnk file exploit
   o As soon as the shortcut is displayed, exploit is run
• Windows vulnerabilities
   o EoP (escalation of privilege): Task Scheduler
   o MS08-067 (Conficker) - Already patched!!!! (but not on these systems)
   o Print spooler exploit
   o Used at least 4 previously undiscovered vulnerabilities

• Searched for WinCC and PCS 7 SCADA management
  programs
   o Tried default Siemens passwords to gain access
   o If access is granted, PLC software could be
     reprogrammed
• Used stolen signed digital certificates
How it did it (cont.)
•   Installed an RPC (Remote Procedure Call) server
•   Self-updating
     o Machines check on other machines running Stuxnet and do a version check
     o Newer versions automatically push their version onto the other machines
     o Older versions automatically request newer version to be pushed
     o If central server goes down, updates still spread
Links
• Stuxnet was the first cyber-weapon targeting
  industrial facilities. The fact that Stuxnet also
  infected regular PCs worldwide led to its
  discovery in June 2010, although the earliest
  known version of the malicious program was
  created one year before that.
• The next example of a cyber-weapon, now known
  as Duqu, was found in September 2011. Unlike
  Stuxnet, the main task of the Duqu Trojan was to
  serve as a backdoor to the infected system and
  steal private information (cyber-espionage).
• During the analysis of Duqu, strong similarities
Senior Virus Analyst
Alexander Gostev
A Russian computer security company (Kaspersky
Lab) detected a new spyware program called
Flame.
The Find……..Flame
• In April 2012, several computers of the National
  Iranian Oil Company, as well as several Iranian
  ministries, were infected by an unknown
  virus. This case was just a single link in a chain
  of cyber attacks during which viruses
  like Stuxnet and Duqu were used.
• The International Telecommunication Union
  (ITU) asked Kaspersky Lab to analyze the
  situation. They were searching for a virus called
  Wiper, but found something more terrible instead
  – the Flame.
The Find……..Flame
• The “Resource 207” module is an encrypted
  DLL file and it contains an executable file that’s
  the size of 351,768 bytes with the name
  “atmpsvcn.ocx”. This particular file, as it is now
  revealed by Kaspersky Lab’s investigation, has a
  lot in common with the code used in Flame.
• The list of striking resemblances includes the
  names of mutually exclusive objects, the
  algorithm used to decrypt strings, and the similar
  approaches to file naming.
• More than that, most sections of code appear to
  be identical or similar in the respective Stuxnet
  and Flame modules, which leads to the
• Kaspersky Lab discovered that a module from the
  early-2009 version of Stuxnet, known as
  “Resource 207,” was actually a Flame plugin.
• This means that when the Stuxnet worm was
  created in the beginning of 2009, the Flame
  platform already existed, and that in 2009, the
  source code of at least one module of Flame was
  used in Stuxnet.
• This module was used to spread the infection via
  USB drives. The code of the USB drive infection
  mechanism is identical in Flame and Stuxnet.
• The Flame module in Stuxnet also exploited a
  vulnerability which was unknown at the time
  and which enabled escalation of privileges,
  presumably MS09-025. Subsequently, the
  Flame plugin module was removed from
  Stuxnet in 2010 and replaced by several
  different modules that utilized new
  vulnerabilities.
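The kind of comparison summarised above (shared object names, identical or similar code sections), as an added Python example that is not Kaspersky Lab's tooling and not part of the original slides. It scores byte n-gram overlap between the sections of two modules and lists the printable strings they share; the section names, sample bytes, string values and the 8-byte window are all constructed assumptions.

```python
import hashlib
import re
from typing import Dict, Set, Tuple

NGRAM = 8  # window size in bytes; an assumption chosen for this example


def blob(seed: str, size: int) -> bytes:
    """Deterministic filler bytes standing in for compiled code (constructed)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]


def shingles(data: bytes, n: int = NGRAM) -> Set[bytes]:
    """Every overlapping n-byte window of a section."""
    return {data[i:i + n] for i in range(max(len(data) - n + 1, 0))}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Shared windows divided by all windows seen in either section."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def printable_strings(data: bytes, min_len: int = 6) -> Set[str]:
    """ASCII runs such as object names or file-name templates."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}


def compare_modules(a: Dict[str, bytes], b: Dict[str, bytes]) -> dict:
    """For each section of `a`, report the closest section of `b` and its score,
    plus the strings present in both modules."""
    best: Dict[str, Tuple[str, float]] = {}
    for name_a, data_a in a.items():
        sa = shingles(data_a)
        score, name_b = max(
            (jaccard(sa, shingles(data_b)), name_b) for name_b, data_b in b.items()
        )
        best[name_a] = (name_b, round(score, 3))
    strings_a = set().union(*(printable_strings(d) for d in a.values()))
    strings_b = set().union(*(printable_strings(d) for d in b.values()))
    return {"sections": best, "shared_strings": strings_a & strings_b}


# Constructed sample modules: 400 bytes of "code" are common to both .text
# sections, and two strings (an object name, a file-name template) are reused.
SHARED_CODE = blob("shared-routine", 400)
SAMPLE_A = {
    ".text": SHARED_CODE + blob("a-only-code", 100),
    ".data": b"\x00CONSTRUCTED_MUTEX_EXAMPLE_01\x00~CONSTRUCTED%04d.tmp"
             b"\x00module-a-config\x00",
    ".rsrc": blob("a-only-resource", 300),
}
SAMPLE_B = {
    ".text": blob("b-only-code", 50) + SHARED_CODE,
    ".data": b"\x00CONSTRUCTED_MUTEX_EXAMPLE_01\x00~CONSTRUCTED%04d.tmp"
             b"\x00module-b-config\x00",
}

if __name__ == "__main__":
    report = compare_modules(SAMPLE_A, SAMPLE_B)
    for section, (match, score) in report["sections"].items():
        print(f"{section:6} closest to {match:6} similarity={score}")
    print("shared strings:", sorted(report["shared_strings"]))
```

Raw byte windows are a coarse measure: recompilation or relocated addresses change the bytes of otherwise identical code, so real comparisons normalise the instructions before scoring.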
Flame: The sophisticated virus has been used to spy on computer systems
Daily Mail…..15 Jun 2012

• Both Flame and Stuxnet are believed to have
  been used by the U.S. government to wage
  online warfare against hostile regimes.
Washington Post ..17 Jun 2012
• The recent disclosure that Stuxnet was approved by both Presidents
  George W. Bush and Obama as a covert operation aimed at Iran sheds new
  light on a nascent U.S. offensive cyberweapons program that has largely
  existed in the shadows. Instead of forcing cyberweapons into deeper
  secrecy, the disclosure should prompt a more open and thorough policy
  debate about 21st-century threats and how they will be countered with
  American power.

• The virus, codenamed Olympic Games, was passed from President Bush to
  President Obama. Obama knew about each attack made against the
  Iranian nuclear program, deciding this was a good alternative to a physical
  war.
• This is just the beginning……………

More Related Content

What's hot

Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
Stuxnet
StuxnetStuxnet
Stuxnet
Symantec
 
Conficker
ConfickerConficker
Conficker
Bobmathews
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Alfred George
 
Cyberwar
CyberwarCyberwar
Cyberwar
Sam Bowne
 
Metasploit
MetasploitMetasploit
Research Paper on Digital Forensic
Research Paper on Digital ForensicResearch Paper on Digital Forensic
Research Paper on Digital Forensic
Thomas Roccia
 
MOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYMOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITY
JASHU JASWANTH
 
Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to Know
Skycure
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
n|u - The Open Security Community
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
yogendrasinghchahar
 
Ransomware
Ransomware Ransomware
Ransomware
Armor
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment Scanner
Chandrak Trivedi
 
Supply chain-attack
Supply chain-attackSupply chain-attack
Supply chain-attack
vikram vashisth
 
Computer Security - Case Study
Computer Security - Case StudyComputer Security - Case Study
Computer Security - Case Study
DamaineFranklinMScBE
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
malware analysis
malware  analysismalware  analysis
malware analysis
20CS201AkashR
 
Desktop Pc Computer Security
Desktop Pc Computer SecurityDesktop Pc Computer Security
Desktop Pc Computer Security
Nicholas Davis
 
Know Your Worm (Conficker)
Know Your Worm (Conficker)Know Your Worm (Conficker)
Know Your Worm (Conficker)
avahe
 

What's hot (20)

Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Stuxnet
StuxnetStuxnet
Stuxnet
 
Conficker
ConfickerConficker
Conficker
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Cyberwar
CyberwarCyberwar
Cyberwar
 
Metasploit
MetasploitMetasploit
Metasploit
 
Research Paper on Digital Forensic
Research Paper on Digital ForensicResearch Paper on Digital Forensic
Research Paper on Digital Forensic
 
MOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYMOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITY
 
Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to Know
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Ransomware
Ransomware Ransomware
Ransomware
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment Scanner
 
Supply chain-attack
Supply chain-attackSupply chain-attack
Supply chain-attack
 
Computer Security - Case Study
Computer Security - Case StudyComputer Security - Case Study
Computer Security - Case Study
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
malware analysis
malware  analysismalware  analysis
malware analysis
 
Desktop Pc Computer Security
Desktop Pc Computer SecurityDesktop Pc Computer Security
Desktop Pc Computer Security
 
Know Your Worm (Conficker)
Know Your Worm (Conficker)Know Your Worm (Conficker)
Know Your Worm (Conficker)
 

Viewers also liked

Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
Iftach Ian Amit
 
INTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPSINTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPS
Santosh Khadsare
 
Virus&malware
Virus&malwareVirus&malware
Virus&malware
Robin Garza
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
 
Espionage
EspionageEspionage
Espionage
Tom Clowers
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
Area41
 
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
reza00021
 
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industrielNuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
David Bigot
 
Stuxnet
StuxnetStuxnet
Stuxnet
shiva_sathish
 
Duqu: il nuovo Stuxnet?
Duqu: il nuovo Stuxnet?Duqu: il nuovo Stuxnet?
Duqu: il nuovo Stuxnet?
Symantec Italia
 
Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1
Byres Security Inc.
 
Case study 11
Case study 11Case study 11
Case study 11
khaled alsaeh
 
FLAME Conference Program
FLAME Conference ProgramFLAME Conference Program
FLAME Conference Program
Lee Mordechai
 
10 Spying Strategies To Generate More Profit
10 Spying Strategies To Generate More Profit10 Spying Strategies To Generate More Profit
10 Spying Strategies To Generate More Profit
WhatRunsWhere
 
Corporate espionage versus competitive intelligence
Corporate espionage versus competitive intelligenceCorporate espionage versus competitive intelligence
Corporate espionage versus competitive intelligence
Martin Brunet
 
Human as a virus
Human as a  virusHuman as a  virus
Human as a virus
Yaniv sela
 
Digital Citizenship and Surveillance Society: Media
Digital Citizenship and Surveillance Society: MediaDigital Citizenship and Surveillance Society: Media
Digital Citizenship and Surveillance Society: Media
Karin Wahl-Jorgensen
 
Cinema Volano - Programma Dicembre-Febbraio
Cinema Volano - Programma Dicembre-Febbraio Cinema Volano - Programma Dicembre-Febbraio
Cinema Volano - Programma Dicembre-Febbraio
kennywhite
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
INSIGHT FORENSIC
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
anupriti
 

Viewers also liked (20)

Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
INTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPSINTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPS
 
Virus&malware
Virus&malwareVirus&malware
Virus&malware
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
Espionage
EspionageEspionage
Espionage
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
 
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
تجزیه و تحلیل بدافزار استاکس نت (Stuxnet)
 
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industrielNuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
Nuit du Hack 2K16 - Scénarios d'attaques sur un système industriel
 
Stuxnet
StuxnetStuxnet
Stuxnet
 
Duqu: il nuovo Stuxnet?
Duqu: il nuovo Stuxnet?Duqu: il nuovo Stuxnet?
Duqu: il nuovo Stuxnet?
 
Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1
 
Case study 11
Case study 11Case study 11
Case study 11
 
FLAME Conference Program
FLAME Conference ProgramFLAME Conference Program
FLAME Conference Program
 
10 Spying Strategies To Generate More Profit
10 Spying Strategies To Generate More Profit10 Spying Strategies To Generate More Profit
10 Spying Strategies To Generate More Profit
 
Corporate espionage versus competitive intelligence
Corporate espionage versus competitive intelligenceCorporate espionage versus competitive intelligence
Corporate espionage versus competitive intelligence
 
Human as a virus
Human as a  virusHuman as a  virus
Human as a virus
 
Digital Citizenship and Surveillance Society: Media
Digital Citizenship and Surveillance Society: MediaDigital Citizenship and Surveillance Society: Media
Digital Citizenship and Surveillance Society: Media
 
Cinema Volano - Programma Dicembre-Febbraio
Cinema Volano - Programma Dicembre-Febbraio Cinema Volano - Programma Dicembre-Febbraio
Cinema Volano - Programma Dicembre-Febbraio
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
 

Similar to Stuxnet flame

Historyofviruses
HistoryofvirusesHistoryofviruses
Historyofviruses
Fathoni Mahardika II
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
Ammy Vijay
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
mkgspsu
 
Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
VijayPatidar71
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
NORTHCUSTOMS
 
Viruses (2).ppt
Viruses (2).pptViruses (2).ppt
Viruses (2).ppt
PrinceYdvz
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
Priyanka Aggarwal
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
AsimRaza464161
 
Viruses (1).ppt
Viruses (1).pptViruses (1).ppt
Viruses (1).ppt
LadyChristianneCalic
 
Viruses
VirusesViruses
Viruses
AlyssaFerrer7
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Dark Side
 
Cyber
CyberCyber
Cyber
jarajana
 
What is a virus and anti virus
What is a virus and anti virusWhat is a virus and anti virus
What is a virus and anti virus
Leonor Costa
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systems
Andrea Bissoli
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
vivek pratap singh
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and Worms
GrittyCC
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
malikmuzammil2326
 
Trojan ppt pianca
Trojan ppt piancaTrojan ppt pianca
Trojan ppt pianca
Priyanka Daimary
 

Similar to Stuxnet flame (20)

Historyofviruses
HistoryofvirusesHistoryofviruses
Historyofviruses
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer worm
Computer wormComputer worm
Computer worm
 
Computer worm
Computer wormComputer worm
Computer worm
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
 
Viruses (2).ppt
Viruses (2).pptViruses (2).ppt
Viruses (2).ppt
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
 
Viruses.ppt
Viruses.pptViruses.ppt
Viruses.ppt
 
Viruses (1).ppt
Viruses (1).pptViruses (1).ppt
Viruses (1).ppt
 
Viruses
VirusesViruses
Viruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Cyber
CyberCyber
Cyber
 
What is a virus and anti virus
What is a virus and anti virusWhat is a virus and anti virus
What is a virus and anti virus
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systems
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and Worms
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Trojan ppt pianca
Trojan ppt piancaTrojan ppt pianca
Trojan ppt pianca
 

More from Santosh Khadsare

Cyber fraud (netflix)
Cyber fraud (netflix)Cyber fraud (netflix)
Cyber fraud (netflix)
Santosh Khadsare
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
Santosh Khadsare
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
Santosh Khadsare
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
Santosh Khadsare
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
Santosh Khadsare
 
Lec 1 apln security(4pd)
Lec  1 apln security(4pd)Lec  1 apln security(4pd)
Lec 1 apln security(4pd)
Santosh Khadsare
 
Smart card
Smart cardSmart card
Smart card
Santosh Khadsare
 
Guassvirus
GuassvirusGuassvirus
Guassvirus
Santosh Khadsare
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
Webmail
WebmailWebmail
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
Santosh Khadsare
 
Web server
Web serverWeb server
Web server
Santosh Khadsare
 
Samba server
Samba serverSamba server
Samba server
Santosh Khadsare
 
Firewall(linux)
Firewall(linux)Firewall(linux)
Firewall(linux)
Santosh Khadsare
 
Securitytips
SecuritytipsSecuritytips
Securitytips
Santosh Khadsare
 
Linux basics
Linux basicsLinux basics
Linux basics
Santosh Khadsare
 
Linuxfilesys
LinuxfilesysLinuxfilesys
Linuxfilesys
Santosh Khadsare
 
Linuxconcepts
LinuxconceptsLinuxconcepts
Linuxconcepts
Santosh Khadsare
 
Introtolinux
IntrotolinuxIntrotolinux
Introtolinux
Santosh Khadsare
 
New internet
New internetNew internet
New internet
Santosh Khadsare
 

More from Santosh Khadsare (20)

Cyber fraud (netflix)
Cyber fraud (netflix)Cyber fraud (netflix)
Cyber fraud (netflix)
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Lec 1 apln security(4pd)
Lec  1 apln security(4pd)Lec  1 apln security(4pd)
Lec 1 apln security(4pd)
 
Smart card
Smart cardSmart card
Smart card
 
Guassvirus
GuassvirusGuassvirus
Guassvirus
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Webmail
WebmailWebmail
Webmail
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
 
Web server
Web serverWeb server
Web server
 
Samba server
Samba serverSamba server
Samba server
 
Firewall(linux)
Firewall(linux)Firewall(linux)
Firewall(linux)
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Linuxfilesys
LinuxfilesysLinuxfilesys
Linuxfilesys
 
Linuxconcepts
LinuxconceptsLinuxconcepts
Linuxconcepts
 
Introtolinux
IntrotolinuxIntrotolinux
Introtolinux
 
New internet
New internetNew internet
New internet
 

Recently uploaded

slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
MANIVALANSR
 
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
SD_Integrating 21st Century Skills in Classroom-based Assessment.pptx
SD_Integrating 21st Century Skills in Classroom-based Assessment.pptxSD_Integrating 21st Century Skills in Classroom-based Assessment.pptx
SD_Integrating 21st Century Skills in Classroom-based Assessment.pptx
elwoodprias1
 
Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17Mail Server Configuration Using App passwords in Odoo 17
Mail Server Configuration Using App passwords in Odoo 17
Celine George
 
C Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdfC Interview Questions PDF By Scholarhat.pdf
C Interview Questions PDF By Scholarhat.pdf
Scholarhat
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
Nguyen Thanh Tu Collection
 
Demonstration module in Odoo 17 - Odoo 17 Slides
Demonstration module in Odoo 17 - Odoo 17 SlidesDemonstration module in Odoo 17 - Odoo 17 Slides
Demonstration module in Odoo 17 - Odoo 17 Slides
Celine George
 
7. Post Harvest Entomology and their control.pptx
7. Post Harvest Entomology and their control.pptx7. Post Harvest Entomology and their control.pptx
7. Post Harvest Entomology and their control.pptx
UmeshTimilsina1
 
FINAL MATATAG Science CG 2023 Grades 3-10.pdf
FINAL MATATAG Science CG 2023 Grades 3-10.pdfFINAL MATATAG Science CG 2023 Grades 3-10.pdf
FINAL MATATAG Science CG 2023 Grades 3-10.pdf
maritescanete2
 
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdfASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
Scholarhat
 
Java MCQ Questions and Answers PDF By ScholarHat
Java MCQ Questions and Answers PDF By ScholarHatJava MCQ Questions and Answers PDF By ScholarHat
Java MCQ Questions and Answers PDF By ScholarHat
Scholarhat
 
1. Importance_of_reducing_postharvest_loss.pptx
1. Importance_of_reducing_postharvest_loss.pptx1. Importance_of_reducing_postharvest_loss.pptx
1. Importance_of_reducing_postharvest_loss.pptx
UmeshTimilsina1
 
Odoo 17 Events - Attendees List Scanning
Odoo 17 Events - Attendees List ScanningOdoo 17 Events - Attendees List Scanning
Odoo 17 Events - Attendees List Scanning
Celine George
 
E-learning Odoo 17 New features - Odoo 17 Slides
E-learning Odoo 17  New features - Odoo 17 SlidesE-learning Odoo 17  New features - Odoo 17 Slides
E-learning Odoo 17 New features - Odoo 17 Slides
Celine George
 
Node JS Interview Question PDF By ScholarHat
Node JS Interview Question PDF By ScholarHatNode JS Interview Question PDF By ScholarHat
Node JS Interview Question PDF By ScholarHat
Scholarhat
 
Dot NET Interview Questions PDF By ScholarHat
Dot NET Interview Questions PDF By ScholarHatDot NET Interview Questions PDF By ScholarHat
Dot NET Interview Questions PDF By ScholarHat
Scholarhat
 
FIRST AID PRESENTATION ON INDUSTRIAL SAFETY by dr lal.ppt
FIRST AID PRESENTATION ON INDUSTRIAL SAFETY by dr lal.pptFIRST AID PRESENTATION ON INDUSTRIAL SAFETY by dr lal.ppt
FIRST AID PRESENTATION ON INDUSTRIAL SAFETY by dr lal.ppt
ashutoshklal29
 
Codeavour 5.0 International Impact Report - The Biggest International AI, Cod...
Codeavour 5.0 International Impact Report - The Biggest International AI, Cod...Codeavour 5.0 International Impact Report - The Biggest International AI, Cod...
Codeavour 5.0 International Impact Report - The Biggest International AI, Cod...
Codeavour International
 
3. Maturity_indices_of_fruits_and_vegetable.pptx
3. Maturity_indices_of_fruits_and_vegetable.pptx3. Maturity_indices_of_fruits_and_vegetable.pptx
3. Maturity_indices_of_fruits_and_vegetable.pptx
UmeshTimilsina1
 
Benchmarking Sustainability: Neurosciences and AI Tech Research in Macau - Ke...
Benchmarking Sustainability: Neurosciences and AI Tech Research in Macau - Ke...Benchmarking Sustainability: Neurosciences and AI Tech Research in Macau - Ke...
Benchmarking Sustainability: Neurosciences and AI Tech Research in Macau - Ke...
Alvaro Barbosa
 

Recently uploaded (20)

slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
slidesgo-mastering-the-art-of-listening-insights-from-robin-sharma-2024070718...
 
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
BỘ ĐỀ THI HỌC SINH GIỎI CÁC TỈNH MÔN TIẾNG ANH LỚP 9 NĂM HỌC 2023-2024 (CÓ FI...
 
SD_Integrating 21st Century Skills in Classroom-based Assessment.pptx

Stuxnet flame

  • 2. “Now we’re living in the era of cyber weapons. The world is different. Not just cyber hooligans, vandals. Not just criminals. But governments are in the game and I’m afraid for the worst, I’m still expecting, cyber terrorism.” Eugene Kaspersky, CEO of Kaspersky Lab
  • 3. Stuxnet….Duqu….Flame
      • Stuxnet is a computer worm discovered in June 2010. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
      • Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The main component used in Duqu is designed to capture information such as
  • 4. Stuxnet….Duqu….Flame
      • Flame, like Duqu, is designed to steal different databases. A completely new thing that Flame can be used for is audio spying. Flame detects and recognizes a microphone on the infected computer, turns the microphone on and then records every conversation taking place in the room. Recorded data is immediately transferred to the server from which the virus began to spread.
  • 6. Stuxnet
      • Spread on Microsoft Windows
      • Developed June 2009
      • Spreading began late 2009/early 2010
      • Discovered in July 2010
          o Microsoft out-of-band patch released August 2010 - .lnk exploit
          o More patches with the September 'Patch Tuesday' - print spooler exploit
      • Around half a megabyte
      • C, C++, and other object-oriented languages
  • 7. What the news says it was
      • Iranian centrifuge destroyer!
          o Its one goal was to destroy the Iranian nuclear program
      • Developed by the United States and Israel
      • Contributed to the Gulf oil leak
      • 'Mission: Impossible'-like virus
      • It will kill your unborn children
          o Assuming they are born in a hospital using PLC machines
  • 8. How it did it
      • USB drive for initial infection, then spread on network
      • .lnk file exploit
          o As soon as the shortcut is displayed, the exploit is run
      • Windows vulnerabilities
          o EoP (elevation of privilege)
              - Task scheduler
          o MS08-067 (Conficker) - Already patched!!!! (but not on these systems)
          o Print spooler exploit
          o Used at least 4 previously undiscovered vulnerabilities
      • Searched for WinCC and PCS 7 SCADA management programs
          o Tried default Siemens passwords to gain access
          o If access is granted, PLC software could be reprogrammed
      • Used stolen signed digital certificates
  • 9. How it did it (cont.)
      • Installed an RPC* server
      • Self-updating
          o Machines check on other machines running Stuxnet and do a version check
          o Newer versions automatically push their version onto the other machines
          o Older versions automatically request the newer version to be pushed
              - If the central server goes down, updates still spread
      *RPC: Remote Procedure Call
  • 12. Links
      • Stuxnet was the first cyber-weapon targeting industrial facilities. The fact that Stuxnet also infected regular PCs worldwide led to its discovery in June 2010, although the earliest known version of the malicious program was created one year before that.
      • The next example of a cyber-weapon, now known as Duqu, was found in September 2011. Unlike Stuxnet, the main task of the Duqu Trojan was to serve as a backdoor to the infected system and steal private information (cyber-espionage).
      • During the analysis of Duqu, strong similarities
  • 13. Senior Virus Analyst Alexander Gostev
      • A Russian computer security company (Kaspersky Lab) detected a new spyware program called Flame.
  • 14. The Find……..Flame
      • In April 2012, several computers of the National Iranian Oil Company, as well as several Iranian ministries, were infected by an unknown virus. This case was just a single link in a chain of cyber attacks during which viruses like Stuxnet and Duqu were used.
      • The International Telecommunication Union (ITU) asked Kaspersky Lab to analyze the situation. They were searching for a virus called Wiper, but found something more terrible instead – the Flame.
  • 15. The Find……..Flame
      • The “Resource 207” module is an encrypted DLL file, and it contains an executable file of 351,768 bytes named “atmpsvcn.ocx”. This particular file, as Kaspersky Lab’s investigation has now revealed, has a lot in common with the code used in Flame.
      • The list of striking resemblances includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming.
      • More than that, most sections of code appear to be identical or similar in the respective Stuxnet and Flame modules, which leads to the
  • 17.
      • Kaspersky Lab discovered that a module from the early-2009 version of Stuxnet, known as “Resource 207,” was actually a Flame plugin.
      • This means that when the Stuxnet worm was created at the beginning of 2009, the Flame platform already existed, and that in 2009, the source code of at least one module of Flame was used in Stuxnet.
      • This module was used to spread the infection via USB drives. The code of the USB drive infection mechanism is identical in Flame and Stuxnet.
  • 18.
      • The Flame module in Stuxnet also exploited a vulnerability which was unknown at the time and which enabled escalation of privileges, presumably MS09-025. Subsequently, the Flame plugin module was removed from Stuxnet in 2010 and replaced by several different modules that utilized new vulnerabilities.
  • 21. Flame: The sophisticated virus has been used to spy on computer systems
  • 25. Daily Mail…..15 Jun 2012
      • Both Flame and Stuxnet are believed to have been used by the U.S. government to wage online warfare against hostile regimes.
  • 26. Washington Post ..17 Jun 2012
      • The recent disclosure that Stuxnet was approved by both Presidents George W. Bush and Obama as a covert operation aimed at Iran sheds new light on a nascent U.S. offensive cyberweapons program that has largely existed in the shadows. Instead of forcing cyberweapons into deeper secrecy, the disclosure should prompt a more open and thorough policy debate about 21st-century threats and how they will be countered with American power.
      • The virus, codenamed Olympic Games, was passed from President Bush to President Obama. Obama knew about each attack made against the Iranian nuclear program, deciding this was a good alternative to a physical war
  • 27. • This is just the beginning……………
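
Slide 9 describes infected machines contacting each other over RPC to compare versions and push updates without a central server. The following added example (not part of the original slides) shows how a defender could look for that pattern in flow logs as workstation-to-workstation RPC. The flow records, the server inventory, the fan-out threshold and the choice of TCP 135 (the Windows RPC endpoint mapper) as the indicator are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

RPC_ENDPOINT_MAPPER = 135  # TCP port of the Windows RPC endpoint mapper

# Constructed asset inventory: hosts expected to take part in client/server RPC.
SERVERS = {"10.0.0.10", "10.0.0.11"}

# Constructed flow records: time, source, destination, destination port.
SAMPLE_FLOWS = """\
time,src,dst,dport
09:00:01,10.0.1.21,10.0.0.10,135
09:00:05,10.0.1.22,10.0.0.10,445
09:01:10,10.0.1.30,10.0.1.21,135
09:01:12,10.0.1.30,10.0.1.22,135
09:01:15,10.0.1.30,10.0.1.23,135
09:02:40,10.0.1.21,10.0.1.30,135
09:03:00,10.0.1.24,10.0.0.11,135
09:04:00,10.0.1.25,10.0.1.24,135
"""


def find_peer_rpc(flow_csv, servers=SERVERS, fanout_threshold=3):
    """Return (fanout_hosts, reciprocal_pairs) for workstation-to-workstation RPC."""
    peers = defaultdict(set)  # source workstation -> workstation destinations
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) != RPC_ENDPOINT_MAPPER:
            continue
        src, dst = row["src"], row["dst"]
        if src in servers or dst in servers or src == dst:
            continue  # RPC to or from a known server is expected traffic
        peers[src].add(dst)
    # One workstation opening RPC sessions to many other workstations.
    fanout = {s: sorted(d) for s, d in peers.items() if len(d) >= fanout_threshold}
    # Two workstations that each initiated RPC to the other (check, then push).
    reciprocal = sorted({
        tuple(sorted((s, d)))
        for s, dsts in peers.items() for d in dsts
        if s in peers.get(d, ())
    })
    return fanout, reciprocal


if __name__ == "__main__":
    fanout_hosts, pairs = find_peer_rpc(SAMPLE_FLOWS)
    print("High fan-out workstations:", fanout_hosts)
    print("Reciprocal workstation pairs:", pairs)
```
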