Stuxnet - First weaponized malware?

[fabianhjr]

Well at least I have no direct threat from my little Caribbean island. A shame though when we reach apocalypse I have no useful skills for an end of the world scenario. Im only good as food.

Do you have some seasoning? All this mutant meat sucks.

[cilpolir]

damn it would be nice if the maker(s) of this mallware made the code open source

[sanddbox]

damn it would be nice if the maker(s) of this mallware made the code open source

And then have it get cracked in a day? The whole point is that people don't know what the virus is going to destroy.

[tgoe]

Here's an interesting overview of how its main payload operates:
http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
I'd love to take a crack at it but I can't seem to find a sample anywhere.

[cilpolir]

damn it would be nice if the maker(s) of this mallware made the code open source

And then have it get cracked in a day? The whole point is that people don't know what the virus is going to destroy.

I meant after it has destroyed it's thing

[fureto]

Wikileaks asked through their Twitter account earlier today if anyone had a sample of Stuxnet (I think that's how they put it) to DM them. They just posted this:

@wikileaks Stuxnet situation is extraordinary, sec analysts come to https://chat.wikileaks.org/ channel #stuxnet

If anyone's interested--don't know if they got it, or they just want to have a chat.

-- Sat Sep 25, 2010 8:10 pm --

On the wikileaks chat, someone said a sample of Stuxnet can be obtained at http://www.4shared.com/dir/yXu7eYRG/Upload_Virus.html# -- the file called stuxnet.rar. There is a very simple password.

[tgoe]

Yeah I caught that, thanks!

[sanddbox]

A few interesting facts about Stuxnet:

-It targets factories that refine uranium, not the nuclear plant itself, IIRC. It disables the system by blocking any action from the system for a tenth of a second - enough to ruin the enrichment of the uranium.
-It's speculated that its target has already been hit, due to failure of a nuclear facility in Iran last year (which is also believed to be why the head of energy unexpectedly quit after 12 years).
-Stuxnet uses 4 different 0days to gain access to the systems.
-Stuxnet is almost certainly the product of a nation state - as of right now, it is presumed to be Israel.

I'm impressed with Stuxnet because it appears to be the first real cyber attack - perhaps cyber terrorism really isn't a joke. Sorry if I restated facts mentioned in the OP's article or got some info wrong - I was reciting those facts from what I read a few hours ago. I'd post links, but I'm short on time. I do have an unpacked stub of Stuxnet if anyone wants it.

[Dwere]

So, have any of you seen the movie Live Free or Die Hard? That was the one with Justin Long who was the code writer for a part of a cyber-attack against the United States right?
Well is it possible/probable/likely/maybe that whoever is "behind" this isn't just one person? I mean they say it's a team put together by a nation state... Yeah... but couldn't it be just about anyone with a lot of money, outsourcing particular parts of code work to different people, so that no one specific person knows what exactly they were doing? Like in that movie?

I mean maybe I've gone a bit hollywood, but when I read this, that's what I was thinking of.

[fashizzlepop]

So, have any of you seen the movie Live Free or Die Hard? That was the one with Justin Long who was the code writer for a part of a cyber-attack against the United States right? <br>Well is it possible/probable/likely/maybe that whoever is "behind" this isn't just one person? I mean they say it's a team put together by a nation state... Yeah... but couldn't it be just about anyone with a lot of money, outsourcing particular parts of code work to different people, so that no one specific person knows what exactly they were doing? Like in that movie?<br><br>I mean maybe I've gone a bit hollywood, but when I read this, that's what I was thinking of.

When I read this, I was thinking "*triple facepalm*"

Yes, it was a good movie. No, it was completely jack shit when it comes to hacking.
Yes, that theory is theoretically possible. No, it's not rational AT ALL.