Iran hit by strange virus!

Biggins

15,000 post - woo-hoo!

Iran struggling to contain 'foreign-made' 'Stuxnet' computer virus

TEHRAN - Iran suspects that a foreign organization or nation designed "Stuxnet," a quickly mutating computer worm that has been infiltrating industrial computer systems in the Islamic republic, a high-ranking official said Monday.

"We had anticipated that we could root out the virus within one to two months," Hamid Alipour, deputy head of Iran's Information Technology Co., a part of the ministry of communication and information technology, told the Islamic Republic News Agency. "But the virus is not stable, and since we started the cleanup process three new versions of it have been spreading," he said.
No one has claimed responsibility for the worm and no entity or country has been definitively identified as its source.
It is the first known case of malware designed to sabotage an industrial control system. "We've never seen anything like this before," said Liam O'Murchu, a researcher with the security firm Symantec.

More here: http://www.washingtonpost.com/wp-dyn/content/article/2010/09/27/AR2010092706229.html

...So would anyone like to guess where this super virus has come from.
I don't have a clue. :pac:

Pyr0

I really shouldn't have coughed on that computer..

NothingMan

Jeff Goldblum does it again!

Sea Sharp

You of all people should know should know something like this was discussed recently in some other thread.

p.s, congratulations on the post count, it's beautiful.

Jumpy

NothingMans REAL post before the ninja edit wrote: »

I wonder what Obamas hacker name is

NothingMan wrote: »

Jeff Goldblum does it again!

Pr3zBOB



Edit: WTF NothingMan. Ninja Edit.

Oranage2

Things like this makes me question how people still doubt there's an Illuminati

thebigbiffo

from the brain of some dude wearing massive glasses who has greasy skin and hasnt seen daylight for 10 years.

job done

Duggy747

They should've installed AVG.

Phill Ewinn

Who cares?

Biggins

Sea Sharp wrote: »

You of all people should know should know something like this was discussed recently in some other thread.

I don't read all threads.
Me sorrweee.

Sykk

Good.

Biggins

Phill Ewinn wrote: »

Who cares?

The Iranians? :P

Sykk

Biggins wrote: »

15,000 post - woo-hoo!

...So would anyone like to guess where this super virus has come from.
I don't have a clue. :pac:

I just wonder!

Duggy747

These sort of attacks usually come from the Russian side of the world. That or somebody working there probably downloaded some dodgy porn :pac:

Hande hoche!

Probably the juice.

The Volt

I didn't want to get infected so Iran

Biggins

Duggy747 wrote: »

...somebody working there probably downloaded some dodgy porn :pac:

We here in AH wouldn't know what Russian dodgy porn is.
We are all good little clean folk here.

Biggins

Voltwad wrote: »

I didn't want to get infected so Iran

That was so bad - it was good! :pac:

Stinicker

Cybersex = Cyber STDs for those Iranians.

Princess Consuela Bananahammock

Oranage2 wrote: »

Things like this makes me question how people still doubt there's an Illuminati

Illunimati, ny arse! More likely 4chan. That is, unless, they are the same...

Terry

My browser crashed, and the laptop on which I was backing stuff up, and which is on the same network, also crashed when I opened this thread.

I blame Biggins.

Or it was Israel. More than likely Israel. They've shown that they are not averse to dodgy actions like this.

prinz

Duggy747 wrote: »

These sort of attacks usually come from the Russian side of the world. That or somebody working there probably downloaded some dodgy porn :pac:

+1, the Stuxnet was first reported by an internet security company in Belarus and is thought to have been brought into Iran by the Russian technical teams sent there to help with building the plants.

pickarooney

How did this executable get executed?
Iran it

alexlyons

I though Apple's "I" devices didn't get viruses...?? :pac:


/awaits a slap before leaving

Biggins

prinz wrote: »

+1, the Stuxnet was first reported by an internet security company in Belarus and is thought to have been brought into Iran by the Russian technical teams sent there to help with building the plants.

...Or maybe its meant to look that way!
I'm off to get my tin hat again. You know - just in case! :pac:

prinz

The link to Iran is a media gold mine. There was no one crying about Germany being hit by a strange virus back in the day :rolleyes: No one cares if Siemens systems there are affected...

http://www.controleng.com/channels/manufacturing-it/industry-news/single-article/siemens-update-on-stuxnet-virus-simatic-wincc-scada-systems/8eb094cec6.html

http://www.h-online.com/security/news/item/Stuxnet-also-found-at-industrial-plants-in-Germany-1081469.html

Biggins

prinz wrote: »

The link to Iran is a media gold mine. There was no one crying about Germany being hit by a strange virus back in the day :rolleyes: No one cares if Siemens systems there are affected...

http://www.controleng.com/channels/manufacturing-it/industry-news/single-article/siemens-update-on-stuxnet-virus-simatic-wincc-scada-systems/8eb094cec6.html

http://www.h-online.com/security/news/item/Stuxnet-also-found-at-industrial-plants-in-Germany-1081469.html

I'd be more worried about such a virus effecting the Iranians nuclear launch capability, if they have eventually quietly progressed that far.
It might in fact have the opposite effect and knock their whole systems out in that area - which is not a bad thing.

The Volt

pickarooney wrote: »

How did this executable get executed?
Iran it

Same punchline a few posts earlier, no thanks. Damn you :pac:

ScumLord

There's a disappointing lack of Zombies in this Virus storey.

Biggins

ScumLord wrote: »

There's a disappointing lack of Zombies in this Virus storey.

Disappointing lack of Jelly Babies too!

ScumLord

Biggins wrote: »

Disappointing lack of Jelly Babies too!

With all the talk of Siemens that's probably for the best.

Biggins

ScumLord wrote: »

With all the talk of Siemens that's probably for the best.

:pac:

Biggins

Hackers Unleash Worm That Damages Real World

Computer hackers have unleashed the first virus designed to damage targets in the real world - opening the door to a new era of cyber-warfare.

The Stuxnet worm is the first known malicious software designed to destroy or sabotage factories, power plants, refineries or other industrial installations.

We are used to Trojans and viruses roaming the internet harming computers and causing financial damage, but Stuxnet is in a league of its own.
The worm targets closed and highly secure industrial networks.
After being introduced with a USB key, Stuxnet slips past four previously unknown vulnerabilities in the Windows operating system, so-called "zero day" vulnerabilities.

It is rare for malicious software to exploit even two of them.
Each one can take months for hackers to identify and more time to write software to exploit.
The worm then hunts for specific types of computers made by German company Siemens.

Having found its host, it lies dormant, waiting for a certain moment to override the computer's control of industrial machinery, with potentially disastrous consequences.
This new breed of malware could wreak the kind of damage only previously seen in Hollywood disaster films.

Imagine a nuclear power station's cooling system being overridden, for example.
Or a railway's signals system thrown into chaos.
Experts estimate developing the Stuxnet worm would have taken a highly specialised team between six months to a year.

Israeli cybersecurity strategist Gadi Evron says the worm is so advanced it is almost certainly state-sponsored.
"This would require a lot of resources on the level of a nation state.
"Taking into account the intelligence required to attack a specific target, it would be virtually impossible that this is a lone attacker sitting at home."

Less impressive, though, is the spread of the worm's infection.
"The attack managed to infect, over several months, something like 30,000 to 50,000 PCs in many facilities and corporations worldwide," Uri Rivner from internet security company RSA told Sky News.
Such a wide dissemination has helped expose the worm's existence and helped efforts to neutralise it.

It also raises questions about the likely target for the worm.
Iran says computers at its nuclear plant in Bushehr have been compromised by the worm but will not reveal the extent of the damage.
Some figures suggest 60% of the Stuxnet infections are in Iran.
That has led to a highly speculative finger of blame being pointed at Israel.

Is the Jewish state trying to disrupt Iran's alleged nuclear weapons programme?
We will probably never know. Other unknowns also remain. Has the worm already achieved its goal, or is it lying in wait to carry out its sabotage? Is Iran the intended victim, are other countries at risk?
And, more worryingly, the worm is a trailblazer.

Other hackers can learn from its pioneering methods to produce more sophisticated malware threatening other networks in the future.

Source: http://uk.news.yahoo.com/5/20100929/twl-hackers-unleash-worm-that-damages-re-3fd0ae9.html

IvySlayer

Duggy747 wrote: »

They should've installed AVG.

AVG sucks.

Avira where it's at.

Soby

Pyr0 wrote: »

I really shouldn't have coughed on that computer..

Cough........

Chairman Meow

What people dont realise about stuxnet is that its not a virus that can be removed. This isnt something iran will recover from in a few weeks, or even months, this has set them back about 9 years tech wise. The infected PLCs cannot be repaired, or have the worm removed, theyre completely dead now. Any announcements iran makes int he coming years regarding their progress with uranium enrichment, is going to be a complete fabrication

A Primal Nut

Biggins wrote: »

I'd be more worried about such a virus effecting the Iranians nuclear launch capability.

You'd be worried about the Iranian's inability to launch nuclear weapons? Why?

Fajitas!

Needs more zombie virus.

Canis Lupus

Chairman Meow wrote: »

What people dont realise about stuxnet is that its not a virus that can be removed.

Why?

old_aussie

Biggins wrote: »

Hackers Unleash Worm That Damages Real World



Source: http://uk.news.yahoo.com/5/20100929/twl-hackers-unleash-worm-that-damages-re-3fd0ae9.html

I started a thread about this several days ago, mods should combine threads.

http://www.boards.ie/vbulletin/showthread.php?p=68196654#post68196654

Stercus Accidit

Chairman Meow wrote: »

What people dont realise about stuxnet is that its not a virus that can be removed. This isnt something iran will recover from in a few weeks, or even months, this has set them back about 9 years tech wise. The infected PLCs cannot be repaired, or have the worm removed, theyre completely dead now. Any announcements iran makes int he coming years regarding their progress with uranium enrichment, is going to be a complete fabrication

My idea is this, cut the nuclear facilitys ethernet cables, remove the hard drives, smash them up with a hammer, and throw them in a waste paper basket, get new snazzy SSD drives (atm machine) and reinstall windows 95.
Then, don't have ****in usb ports, fill em with glue and paper clips, and the same for the lan connections, glue in the ones you need, gum up the ones you don't and don't have an internet connection, what are you looking at, plutonium rod on rod action?

Have an 'OFF' switch somewhere.

Iran, my fee is 1 million dollars for which you can fix all your woes.

karma_

I wonder how we would react if this attack was against a station like, say.. Sellafield, and it's cooling system was overridden. New hymn-sheets please.

NothingMan

ScumLord wrote: »

There's a disappointing lack of Zombies in this Virus storey.

Biggins wrote: »

Disappointing lack of Jelly Babies too!

Sorted.

Biggins

A Primal Nut wrote: »

You'd be worried about the Iranian's inability to launch nuclear weapons? Why?

Thats is not what I said.
What I said was:

I'd be more worried about such a virus effecting the Iranians nuclear launch capability, if they have eventually quietly progressed that far.
It might in fact have the opposite effect and knock their whole systems out in that area - which is not a bad thing.

...which if read right, will make better sense.

ressem

Canis Lupus wrote: »

Why?

Don't see why it couldn't be removed either.
Tricky of course, a job for the manufacturer.

Analysis of the windows install process is ...
http://www.symantec.com/connect/blogs/w32stuxnet-installation-details

Once it gets onto a windows machine it replaces Step7 software with it's own version to write to the PLC and prevent other software from detecting and overwriting the PLC.
It communicates with other clients to transfer updates using RPC.
http://www.symantec.com/connect/blogs/stuxnet-p2p-component
And it attempts to connect with http port 80 to communicate with the control server.

A clean windows client should be able to rewrite the PLC to it's original state. No description of it being able to recopy itself running on the machine.

You might wonder whether corrupt employees at JMicron or Realtek might have sold the private certs to the black market.

There are all sorts of theory about the target systems. Belarus to Indonesia.

There's plenty of industrial machinery in this country running NT4 with realtime kernel patches, which is maintained by the manufacturer using a logmein style system over the internet.
External IT people aren't even aware of them in some cases until the network cable is connected up by staff. They are just told that all the computers are in the offices.

maxxie

American handy work

Notorious97

I don’t see it as any harm setting back their nuclear program a few years, i wouldn’t trust them with nuclear weapons. If its a civilian nuclear program then thats fine.

Biggins

Well now, who would have guessed it!
Many its seems!

A computer worm designed to cripple Iran’s uranium enrichment programme was the result of a joint operation between the US National Security Agency and a secret Israeli cyberwarfare unit, American officials have confirmed for the first time.

The officials, interviewed by a reporter from the New York Times, say that the Stuxnet worm was originally commissioned by President Bush but has been enthusiastically embraced by his successor, Barack Obama.
The journalist, David Sanger, says that President Obama decided to step up cyber-attacks on Iran’s Natanz enrichment facility, even after the existence of the worm became public in 2010 after it leaked out onto the internet.

That event was reported around the world at that time, with most experts describing it as the brainchild of the Israeli military.

http://www.thetimes.co.uk/tto/news/world/middleeast/article3433284.ece

The project was a success and the next step was to set experts from the National Security Agency and Israel’s Unit 8200 to work designing the complex computer worm that could attack the plant from within.

Alternative reading: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1&hp

No wonder American Anti-Virus companies were not saying who was responsible -for it was their own people!

glynf

maxxie wrote: »

American handy work

And they nabbed the IT guy as well.

Princess Consuela Bananahammock

Can't believe you only had 15,000 posts back then... sees like only yesterday.

af_thefragile

Hah, i knew it was an american-israeli invention from the moment i read this.