Security researchers were shocked to see in a twitter update from MalCon that one of the research paper submissions shortlisted is on possible features of Stuxnet 3.0. While this may just be a discussion and not a release, it is interesting to note that the speaker Nima Bagheri presenting the paper is from IRAN.
The research paper abstract discusses rootkit features and the malware authors may likely show demonstration at MalCon with new research related to hiding rootkits and advanced Stuxnet like malwares.
Stuxnet is a computer worm discovered in June 2010. It targets Siemens industrial software and equipment running Microsoft Windows. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
What is alarming is the recent discovery (On 1 September 2011) by The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics, of a new worm theoretically related to Stuxnet. After analyzing the malware, they named it Duqu and Symantec, based on this report, continued the analysis of the threat, calling it "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper. The main component used in Duqu is designed to capture information such as keystrokes and system information and this data may be used to enable a future Stuxnet-like attack.
No comments:
Post a Comment